/* Same as above, except it tries to read at least 'nbytes' instead of 'nlines'. */
nsock_event_id nsock_readbytes(nsock_pool nsp, nsock_iod ms_iod, nsock_ev_handler handler, int timeout_msecs,
void *userdata, int nbytes) {
msiod *nsi = (msiod *)ms_iod;
mspool *ms = (mspool *)nsp;
msevent *nse;
nse = msevent_new(ms, NSE_TYPE_READ, nsi, timeout_msecs, handler, userdata);
assert(nse);
if (ms->tracelevel > 0) {
if (nsi->peerlen > 0)
nsock_trace(ms, "Read request for %d bytes from IOD #%li [%s:%d] EID %li",
nbytes, nsi->id, inet_ntop_ez(&nsi->peer, nsi->peerlen), nsi_peerport(nsi), nse->id);
else
nsock_trace(ms, "Read request for %d bytes from IOD #%li (peer unspecified) EID %li",
nbytes, nsi->id, nse->id);
}
nse->readinfo.read_type = NSOCK_READBYTES;
nse->readinfo.num = nbytes;
nsp_add_event(ms, nse);
return nse->id;
}
/* Here is the all important looping function that tells the event engine to
* start up and begin processing events. It will continue until all events have
* been delivered (including new ones started from event handlers), or the
* msec_timeout is reached, or a major error has occurred. Use -1 if you don't
* want to set a maximum time for it to run. A timeout of 0 will return after 1
* non-blocking loop. The nsock loop can be restarted again after it returns.
* For example you could do a series of 15 second runs, allowing you to do other
* stuff between them */
enum nsock_loopstatus nsock_loop(nsock_pool nsp, int msec_timeout) {
mspool *ms = (mspool *)nsp;
struct timeval loop_timeout;
int msecs_left;
unsigned long loopnum = 0;
enum nsock_loopstatus quitstatus = NSOCK_LOOP_ERROR;
gettimeofday(&nsock_tod, NULL);
if (msec_timeout < -1) {
ms->errnum = EINVAL;
return NSOCK_LOOP_ERROR;
}
TIMEVAL_MSEC_ADD(loop_timeout, nsock_tod, msec_timeout);
msecs_left = msec_timeout;
if (ms->tracelevel > 2) {
if (msec_timeout >= 0)
nsock_trace(ms, "nsock_loop() started (timeout=%dms). %d events pending",
msec_timeout, ms->events_pending);
else
nsock_trace(ms, "nsock_loop() started (no timeout). %d events pending",
ms->events_pending);
}
while (1) {
if (ms->quit) {
/* We've been asked to quit the loop through nsock_loop_quit. */
ms->quit = 0;
quitstatus = NSOCK_LOOP_QUIT;
break;
}
if (ms->events_pending == 0) {
/* if no events at all are pending, then none can be created until
* we quit nsock_loop() -- so we do that now. */
quitstatus = NSOCK_LOOP_NOEVENTS;
break;
}
if (msec_timeout >= 0) {
msecs_left = MAX(0, TIMEVAL_MSEC_SUBTRACT(loop_timeout, nsock_tod));
if (msecs_left == 0 && loopnum > 0) {
quitstatus = NSOCK_LOOP_TIMEOUT;
break;
}
}
if (ms->engine->loop(ms, msecs_left) == -1) {
quitstatus = NSOCK_LOOP_ERROR;
break;
}
gettimeofday(&nsock_tod, NULL); /* we do this at end because there is one
* at beginning of function */
loopnum++;
}
return quitstatus;
}
/* Remember that pcap descriptor is in nonblocking state. */
int do_actual_pcap_read(msevent *nse) {
mspcap *mp = (mspcap *)nse->iod->pcap;
nsock_pcap npp;
nsock_pcap *n;
struct pcap_pkthdr *pkt_header;
const unsigned char *pkt_data = NULL;
int rc;
memset(&npp, 0, sizeof(nsock_pcap));
if (nse->iod->nsp->tracelevel > 2)
nsock_trace(nse->iod->nsp, "PCAP do_actual_pcap_read TEST (IOD #%li) (EID #%li)",
nse->iod->id, nse->id);
assert( FILESPACE_LENGTH(&(nse->iobuf)) == 0 );
rc = pcap_next_ex(mp->pt, &pkt_header, &pkt_data);
switch(rc) {
case 1: /* read good packet */
#ifdef PCAP_RECV_TIMEVAL_VALID
npp.ts = pkt_header->ts;
#else
/* on these platforms time received from pcap is invalid. It's better to set current time */
memcpy(&npp.ts, nsock_gettimeofday(), sizeof(struct timeval));
#endif
npp.len = pkt_header->len;
npp.caplen = pkt_header->caplen;
npp.packet = pkt_data;
fscat(&(nse->iobuf), (char *)&npp, sizeof(npp));
fscat(&(nse->iobuf), (char *)pkt_data, npp.caplen);
n = (nsock_pcap *)FILESPACE_STR(&(nse->iobuf));
n->packet = (unsigned char *)FILESPACE_STR(&(nse->iobuf)) + sizeof(npp);
if (nse->iod->nsp->tracelevel > 2)
nsock_trace(nse->iod->nsp, "PCAP do_actual_pcap_read READ (IOD #%li) (EID #%li) size=%i",
nse->iod->id, nse->id, pkt_header->caplen);
return(1);
case 0: /* timeout */
return(0);
case -1: /* error */
fatal("pcap_next_ex() fatal error while reading from pcap: %s\n", pcap_geterr(mp->pt));
break;
case -2: /* no more packets in savefile (if reading from one) */
default:
assert(0);
}
return 0;
}
nsock_event_id nsock_sendto(nsock_pool ms_pool, nsock_iod ms_iod,
nsock_ev_handler handler, int timeout_msecs,
void *userdata, struct sockaddr *saddr, size_t sslen,
unsigned short port, const char *data, int datalen) {
mspool *nsp = (mspool *) ms_pool;
msiod *nsi = (msiod *) ms_iod;
msevent *nse;
char displaystr[256];
struct sockaddr_in *sin = (struct sockaddr_in *) saddr;
#if HAVE_IPV6
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) saddr;
#endif
nse = msevent_new(nsp, NSE_TYPE_WRITE, nsi, timeout_msecs, handler,
userdata);
assert(nse);
if (sin->sin_family == AF_INET) {
sin->sin_port = htons(port);
} else {
assert(sin->sin_family == AF_INET6);
#if HAVE_IPV6
sin6->sin6_port = htons(port);
#else
fatal("IPv6 address passed to nsock_connect_* call, but nsock was not compiled w/IPv6 support");
#endif
}
assert(sslen <= sizeof(nse->writeinfo.dest));
memcpy(&nse->writeinfo.dest, saddr, sslen);
nse->writeinfo.destlen = sslen;
assert(sslen <= sizeof(nse->iod->peer));
memcpy(&nse->iod->peer, saddr, sslen);
nse->iod->peerlen = sslen;
if (datalen < 0)
datalen = (int) strlen(data);
if (nsp->tracelevel > 0) {
if (nsp->tracelevel > 1 && datalen < 80) {
memcpy(displaystr, ": ", 2);
memcpy(displaystr + 2, data, datalen);
displaystr[2 + datalen] = '\0';
replacenonprintable(displaystr + 2, datalen, '.');
} else {
displaystr[0] = '\0';
}
nsock_trace(nsp, "Sendto request for %d bytes to IOD #%li EID %li [%s:%hu]%s",
datalen, nsi->id, nse->id,
inet_ntop_ez(&nse->writeinfo.dest, nse->writeinfo.destlen), port,
displaystr);
}
fscat(&nse->iobuf, data, datalen);
nsp_add_event(nsp, nse);
return nse->id;
}
/* Write some data to the socket. If the write is not COMPLETED within timeout_msecs , NSE_STATUS_TIMEOUT will be returned. If you are supplying NUL-terminated data, you can optionally pass -1 for datalen and nsock_write will figure out the length itself */
nsock_event_id nsock_write(nsock_pool ms_pool, nsock_iod ms_iod,
nsock_ev_handler handler, int timeout_msecs,
void *userdata, const char *data, int datalen) {
mspool *nsp = (mspool *) ms_pool;
msiod *nsi = (msiod *) ms_iod;
msevent *nse;
char displaystr[256];
nse = msevent_new(nsp, NSE_TYPE_WRITE, nsi, timeout_msecs, handler,
userdata);
assert(nse);
nse->writeinfo.dest.ss_family = AF_UNSPEC;
if (datalen < 0)
datalen = (int) strlen(data);
if (nsp->tracelevel > 0) {
if (nsp->tracelevel > 1 && datalen < 80) {
memcpy(displaystr, ": ", 2);
memcpy(displaystr + 2, data, datalen);
displaystr[2 + datalen] = '\0';
replacenonprintable(displaystr + 2, datalen, '.');
} else displaystr[0] = '\0';
if (nsi->peerlen > 0)
nsock_trace(nsp, "Write request for %d bytes to IOD #%li EID %li [%s:%hu]%s", datalen, nsi->id,
nse->id, inet_ntop_ez(&nsi->peer, nsi->peerlen), nsi_peerport(nsi), displaystr);
else
nsock_trace(nsp, "Write request for %d bytes to IOD #%li EID %li (peer unspecified)%s", datalen,
nsi->id, nse->id, displaystr);
}
fscat(&nse->iobuf, data, datalen);
nsp_add_event(nsp, nse);
return nse->id;
}
/* Requests exactly one packet to be captured. */
nsock_event_id nsock_pcap_read_packet(nsock_pool nsp, nsock_iod nsiod,
nsock_ev_handler handler, int timeout_msecs, void *userdata) {
msiod *nsi = (msiod *)nsiod;
mspool *ms = (mspool *)nsp;
msevent *nse;
nse = msevent_new(ms, NSE_TYPE_PCAP_READ, nsi, timeout_msecs, handler, userdata);
assert(nse);
if (ms->tracelevel > 0)
nsock_trace(ms, "Pcap read request from IOD #%li EID %li",
nsi->id, nse->id);
nsp_add_event(ms, nse);
return nse->id;
}
void process_event(mspool *nsp, gh_list *evlist, msevent *nse, int ev) {
int match_r = 0, match_w = 0;
#if HAVE_OPENSSL
int desire_r = 0, desire_w = 0;
#endif
if (nsp->tracelevel > 7)
nsock_trace(nsp, "Processing event %lu", nse->id);
if (!nse->event_done) {
switch(nse->type) {
case NSE_TYPE_CONNECT:
case NSE_TYPE_CONNECT_SSL:
if (ev != EV_NONE)
handle_connect_result(nsp, nse, NSE_STATUS_SUCCESS);
if (!nse->event_done && nse->timeout.tv_sec && !TIMEVAL_AFTER(nse->timeout, nsock_tod))
handle_connect_result(nsp, nse, NSE_STATUS_TIMEOUT);
break;
case NSE_TYPE_READ:
match_r = ev & EV_READ;
match_w = ev & EV_WRITE;
#if HAVE_OPENSSL
desire_r = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ;
desire_w = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE;
if (nse->iod->ssl && ((desire_r && match_r) || (desire_w && match_w)))
handle_read_result(nsp, nse, NSE_STATUS_SUCCESS);
else
#endif
if (!nse->iod->ssl && match_r)
handle_read_result(nsp, nse, NSE_STATUS_SUCCESS);
if (!nse->event_done && nse->timeout.tv_sec && !TIMEVAL_AFTER(nse->timeout, nsock_tod))
handle_read_result(nsp, nse, NSE_STATUS_TIMEOUT);
break;
case NSE_TYPE_WRITE:
match_r = ev & EV_READ;
match_w = ev & EV_WRITE;
#if HAVE_OPENSSL
desire_r = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ;
desire_w = nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE;
if (nse->iod->ssl && ((desire_r && match_r) || (desire_w && match_w)))
handle_write_result(nsp, nse, NSE_STATUS_SUCCESS);
else
#endif
if (!nse->iod->ssl && match_w)
handle_write_result(nsp, nse, NSE_STATUS_SUCCESS);
if (!nse->event_done && nse->timeout.tv_sec && !TIMEVAL_AFTER(nse->timeout, nsock_tod))
handle_write_result(nsp, nse, NSE_STATUS_TIMEOUT);
break;
case NSE_TYPE_TIMER:
if (nse->timeout.tv_sec && !TIMEVAL_AFTER(nse->timeout, nsock_tod))
handle_timer_result(nsp, nse, NSE_STATUS_SUCCESS);
break;
#if HAVE_PCAP
case NSE_TYPE_PCAP_READ:{
if (nsp->tracelevel > 5)
nsock_trace(nsp, "PCAP iterating %lu", nse->id);
if (ev & EV_READ) {
/* buffer empty? check it! */
if (FILESPACE_LENGTH(&(nse->iobuf)) == 0)
do_actual_pcap_read(nse);
}
/* if already received smth */
if (FILESPACE_LENGTH(&(nse->iobuf)) > 0)
handle_pcap_read_result(nsp, nse, NSE_STATUS_SUCCESS);
if (!nse->event_done && nse->timeout.tv_sec && !TIMEVAL_AFTER(nse->timeout, nsock_tod))
handle_pcap_read_result(nsp, nse, NSE_STATUS_TIMEOUT);
#if PCAP_BSD_SELECT_HACK
/* If event occurred, and we're in BSD_HACK mode, then this event was added
* to two queues. read_event and pcap_read_event
* Of course we should destroy it only once.
* I assume we're now in read_event, so just unlink this event from
* pcap_read_event */
if (((mspcap *)nse->iod->pcap)->pcap_desc >= 0 && nse->event_done && evlist == &nsp->read_events) {
/* event is done, list is read_events and we're in BSD_HACK mode.
* So unlink event from pcap_read_events */
update_first_events(nse);
gh_list_remove(&nsp->pcap_read_events, nse);
if (nsp->tracelevel > 8)
nsock_trace(nsp, "PCAP NSE #%lu: Removing event from PCAP_READ_EVENTS", nse->id);
}
if (((mspcap *)nse->iod->pcap)->pcap_desc >= 0 && nse->event_done && evlist == &nsp->pcap_read_events) {
update_first_events(nse);
gh_list_remove(&nsp->read_events, nse);
if (nsp->tracelevel > 8)
nsock_trace(nsp, "PCAP NSE #%lu: Removing event from READ_EVENTS", nse->id);
}
#endif
break;
}
#endif
default:
fatal("Event has unknown type (%d)", nse->type);
break; /* unreached */
}
}
if (nse->event_done) {
/* Security sanity check: don't return a functional SSL iod without setting an SSL data structure. */
if (nse->type == NSE_TYPE_CONNECT_SSL && nse->status == NSE_STATUS_SUCCESS)
assert(nse->iod->ssl != NULL);
if (nsp->tracelevel > 8)
nsock_trace(nsp, "NSE #%lu: Sending event", nse->id);
/* WooHoo! The event is ready to be sent */
msevent_dispatch_and_delete(nsp, nse, 1);
} else {
/* Is this event the next-to-timeout? */
if (nse->timeout.tv_sec != 0) {
if (nsp->next_ev.tv_sec == 0)
nsp->next_ev = nse->timeout;
else if (TIMEVAL_AFTER(nsp->next_ev, nse->timeout))
nsp->next_ev = nse->timeout;
}
}
}
/* Returns -1 if an error, otherwise the number of newly written bytes */
static int do_actual_read(mspool *ms, msevent *nse) {
char buf[8192];
int buflen = 0;
msiod *iod = nse->iod;
int err = 0;
int max_chunk = NSOCK_READ_CHUNK_SIZE;
int startlen = FILESPACE_LENGTH(&nse->iobuf);
if (nse->readinfo.read_type == NSOCK_READBYTES)
max_chunk = nse->readinfo.num;
if (!iod->ssl) {
do {
struct sockaddr_storage peer;
socklen_t peerlen;
peerlen = sizeof(peer);
buflen = recvfrom(iod->sd, buf, sizeof(buf), 0, (struct sockaddr *)&peer, &peerlen);
/* Using recv() was failing, at least on UNIX, for non-network sockets
* (i.e. stdin) in this case, a read() is done - as on ENOTSOCK we may
* have a non-network socket */
if (buflen == -1) {
if (socket_errno() == ENOTSOCK) {
peer.ss_family = AF_UNSPEC;
peerlen = 0;
buflen = read(iod->sd, buf, sizeof(buf));
}
}
if (buflen == -1) {
err = socket_errno();
break;
}
if (peerlen > 0) {
assert(peerlen <= sizeof(iod->peer));
memcpy(&iod->peer, &peer, peerlen);
iod->peerlen = peerlen;
}
if (buflen > 0) {
if (fscat(&nse->iobuf, buf, buflen) == -1) {
nse->event_done = 1;
nse->status = NSE_STATUS_ERROR;
nse->errnum = ENOMEM;
return -1;
}
/* Sometimes a service just spews and spews data. So we return after a
* somewhat large amount to avoid monopolizing resources and avoid DOS
* attacks. */
if (FILESPACE_LENGTH(&nse->iobuf) > max_chunk)
return FILESPACE_LENGTH(&nse->iobuf) - startlen;
/* No good reason to read again if we we were successful in the read but
* didn't fill up the buffer. Especially for UDP, where we want to
* return only one datagram at a time. The consistency of the above
* assignment of iod->peer depends on not consolidating more than one
* UDP read buffer. */
if (buflen > 0 && buflen < sizeof(buf))
return FILESPACE_LENGTH(&nse->iobuf) - startlen;
}
} while (buflen > 0 || (buflen == -1 && err == EINTR));
if (buflen == -1) {
if (err != EINTR && err != EAGAIN) {
nse->event_done = 1;
nse->status = NSE_STATUS_ERROR;
nse->errnum = err;
return -1;
}
}
} else {
#if HAVE_OPENSSL
/* OpenSSL read */
while ((buflen = SSL_read(iod->ssl, buf, sizeof(buf))) > 0) {
if (fscat(&nse->iobuf, buf, buflen) == -1) {
nse->event_done = 1;
nse->status = NSE_STATUS_ERROR;
nse->errnum = ENOMEM;
return -1;
}
/* Sometimes a service just spews and spews data. So we return
* after a somewhat large amount to avoid monopolizing resources
* and avoid DOS attacks. */
if (FILESPACE_LENGTH(&nse->iobuf) > max_chunk)
return FILESPACE_LENGTH(&nse->iobuf) - startlen;
}
if (buflen == -1) {
err = SSL_get_error(iod->ssl, buflen);
if (err == SSL_ERROR_WANT_READ) {
int evclr;
evclr = socket_count_dec_ssl_desire(nse);
socket_count_read_inc(iod);
update_events(iod, ms, EV_READ, evclr);
nse->sslinfo.ssl_desire = err;
} else if (err == SSL_ERROR_WANT_WRITE) {
int evclr;
evclr = socket_count_dec_ssl_desire(nse);
socket_count_write_inc(iod);
update_events(iod, ms, EV_WRITE, evclr);
nse->sslinfo.ssl_desire = err;
} else {
/* Unexpected error */
nse->event_done = 1;
nse->status = NSE_STATUS_ERROR;
nse->errnum = EIO;
if (ms->tracelevel > 2)
nsock_trace(ms, "SSL_read() failed for reason %s on NSI %li",
ERR_reason_error_string(err), iod->id);
return -1;
}
}
#endif /* HAVE_OPENSSL */
}
if (buflen == 0) {
nse->event_done = 1;
nse->eof = 1;
if (FILESPACE_LENGTH(&nse->iobuf) > 0) {
nse->status = NSE_STATUS_SUCCESS;
return FILESPACE_LENGTH(&nse->iobuf) - startlen;
} else {
nse->status = NSE_STATUS_EOF;
return 0;
}
}
return FILESPACE_LENGTH(&nse->iobuf) - startlen;
}
/* handle_connect_results assumes that select or poll have already shown the
* descriptor to be active */
void handle_connect_result(mspool *ms, msevent *nse, enum nse_status status) {
int optval;
socklen_t optlen = sizeof(int);
msiod *iod = nse->iod;
#if HAVE_OPENSSL
int sslerr;
int rc = 0;
int sslconnect_inprogress = nse->type == NSE_TYPE_CONNECT_SSL && nse->iod &&
(nse->sslinfo.ssl_desire == SSL_ERROR_WANT_READ ||
nse->sslinfo.ssl_desire == SSL_ERROR_WANT_WRITE);
#else
int sslconnect_inprogress = 0;
#endif
if (status == NSE_STATUS_TIMEOUT || status == NSE_STATUS_CANCELLED) {
nse->status = status;
nse->event_done = 1;
} else if (sslconnect_inprogress) {
/* Do nothing */
} else if (status == NSE_STATUS_SUCCESS) {
/* First we want to determine whether the socket really is connected */
if (getsockopt(iod->sd, SOL_SOCKET, SO_ERROR, (char *)&optval, &optlen) != 0)
optval = socket_errno(); /* Stupid Solaris */
switch(optval) {
case 0:
nse->status = NSE_STATUS_SUCCESS;
break;
/* EACCES can be caused by ICMPv6 dest-unreach-admin, or when a port is
blocked by Windows Firewall (WSAEACCES). */
case EACCES:
case ECONNREFUSED:
case EHOSTUNREACH:
case ENETDOWN:
case ENETUNREACH:
case ENETRESET:
case ECONNABORTED:
case ETIMEDOUT:
case EHOSTDOWN:
case ECONNRESET:
#ifdef WIN32
case WSAEADDRINUSE:
case WSAEADDRNOTAVAIL:
#endif
#ifndef WIN32
case EPIPE: /* Has been seen after connect on Linux. */
case ENOPROTOOPT: /* Also seen on Linux, perhaps in response to protocol unreachable. */
#endif
nse->status = NSE_STATUS_ERROR;
nse->errnum = optval;
break;
default:
fprintf(stderr, "Strange connect error from %s (%d): %s",
inet_ntop_ez(&iod->peer, iod->peerlen), optval, socket_strerror(optval));
assert(0); /* I'd like for someone to report it */
break;
}
/* Now special code for the SSL case where the TCP connection was successful. */
if (nse->type == NSE_TYPE_CONNECT_SSL &&
nse->status == NSE_STATUS_SUCCESS) {
#if HAVE_OPENSSL
assert(ms->sslctx != NULL);
/* Reuse iod->ssl if present. If set, this is the second try at connection
without the SSL_OP_NO_SSLv2 option set. */
if (iod->ssl == NULL) {
iod->ssl = SSL_new(ms->sslctx);
if (!iod->ssl)
fatal("SSL_new failed: %s", ERR_error_string(ERR_get_error(), NULL));
}
if (iod->hostname != NULL) {
#if HAVE_SSL_SET_TLSEXT_HOST_NAME
if (SSL_set_tlsext_host_name(iod->ssl, iod->hostname) != 1)
fatal("SSL_set_tlsext_host_name failed: %s", ERR_error_string(ERR_get_error(), NULL));
#endif
}
/* Associate our new SSL with the connected socket. It will inherit the
* non-blocking nature of the sd */
if (SSL_set_fd(iod->ssl, iod->sd) != 1) {
fatal("SSL_set_fd failed: %s", ERR_error_string(ERR_get_error(), NULL));
}
/* Event not done -- need to do SSL connect below */
nse->sslinfo.ssl_desire = SSL_ERROR_WANT_CONNECT;
#endif
} else {
/* This is not an SSL connect (in which case we are always done), or the
* TCP connect() underlying the SSL failed (in which case we are also done */
nse->event_done = 1;
}
} else {
assert(0); /* Currently we only know about TIMEOUT and SUCCESS callbacks */
}
/* At this point the TCP connection is done, whether successful or not.
* Therefore decrease the read/write listen counts that were incremented in
* nsp_add_event. In the SSL case, we may increase one of the counts depending
* on whether SSL_connect returns an error of SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. In that case we will re-enter this function, but we
* don't want to execute this block again. */
if (iod->sd != -1 && !sslconnect_inprogress) {
int ev = EV_NONE;
ev |= socket_count_read_dec(iod);
ev |= socket_count_write_dec(iod);
ev |= EV_EXCEPT;
update_events(iod, ms, EV_NONE, ev);
}
#if HAVE_OPENSSL
if (nse->type == NSE_TYPE_CONNECT_SSL && !nse->event_done) {
/* Lets now start/continue/finish the connect! */
if (iod->ssl_session) {
rc = SSL_set_session(iod->ssl, iod->ssl_session);
if (rc == 0)
fprintf(stderr, "Uh-oh: SSL_set_session() failed - please tell Fyodor\n");
iod->ssl_session = NULL; /* No need for this any more */
}
/* If this is a reinvocation of handle_connect_result, clear out the listen
* bits that caused it, based on the previous SSL desire. */
if (sslconnect_inprogress) {
int ev;
ev = socket_count_dec_ssl_desire(nse);
update_events(iod, ms, EV_NONE, ev);
}
rc = SSL_connect(iod->ssl);
if (rc == 1) {
/* Woop! Connect is done! */
nse->event_done = 1;
/* Check that certificate verification was okay, if requested. */
if (nsi_ssl_post_connect_verify(iod)) {
nse->status = NSE_STATUS_SUCCESS;
} else {
if (ms->tracelevel > 0)
nsock_trace(ms, "certificate verification error for EID %li: %s",
nse->id, ERR_error_string(ERR_get_error(), NULL));
nse->status = NSE_STATUS_ERROR;
}
} else {
long options = SSL_get_options(iod->ssl);
sslerr = SSL_get_error(iod->ssl, rc);
if (rc == -1 && sslerr == SSL_ERROR_WANT_READ) {
nse->sslinfo.ssl_desire = sslerr;
socket_count_read_inc(iod);
update_events(iod, ms, EV_READ, EV_NONE);
} else if (rc == -1 && sslerr == SSL_ERROR_WANT_WRITE) {
nse->sslinfo.ssl_desire = sslerr;
socket_count_write_inc(iod);
update_events(iod, ms, EV_WRITE, EV_NONE);
} else if (!(options & SSL_OP_NO_SSLv2)) {
int saved_ev;
/* SSLv3-only and TLSv1-only servers can't be connected to when the
* SSL_OP_NO_SSLv2 option is not set, which is the case when the pool
* was initialized with nsp_ssl_init_max_speed. Try reconnecting with
* SSL_OP_NO_SSLv2. Never downgrade a NO_SSLv2 connection to one that
* might use SSLv2. */
if (ms->tracelevel > 0)
nsock_trace(ms, "EID %li reconnecting with SSL_OP_NO_SSLv2", nse->id);
saved_ev = iod->watched_events;
ms->engine->iod_unregister(ms, iod);
close(iod->sd);
nsock_connect_internal(ms, nse, SOCK_STREAM, iod->lastproto, &iod->peer, iod->peerlen, nsi_peerport(iod));
ms->engine->iod_register(ms, iod, saved_ev);
SSL_clear(iod->ssl);
if(!SSL_clear(iod->ssl))
fatal("SSL_clear failed: %s", ERR_error_string(ERR_get_error(), NULL));
SSL_set_options(iod->ssl, options | SSL_OP_NO_SSLv2);
socket_count_read_inc(nse->iod);
socket_count_write_inc(nse->iod);
update_events(iod, ms, EV_READ|EV_WRITE, EV_NONE);
nse->sslinfo.ssl_desire = SSL_ERROR_WANT_CONNECT;
} else {
if (ms->tracelevel > 0)
nsock_trace(ms, "EID %li %s", nse->id, ERR_error_string(ERR_get_error(), NULL));
nse->event_done = 1;
nse->status = NSE_STATUS_ERROR;
nse->errnum = EIO;
}
}
}
#endif
return;
}
/* An event has been completed and the handler is about to be called. This
* function writes out tracing data about the event if necessary */
void nsock_trace_handler_callback(mspool *ms, msevent *nse) {
msiod *nsi;
char *str;
int strlength = 0;
char displaystr[256];
char errstr[256];
if (ms->tracelevel == 0)
return;
nsi = nse->iod;
if (nse->status == NSE_STATUS_ERROR)
Snprintf(errstr, sizeof(errstr), "[%s (%d)] ", socket_strerror(nse->errnum), nse->errnum);
else
errstr[0] = '\0';
/* Some types have special tracing treatment */
switch(nse->type) {
case NSE_TYPE_CONNECT:
case NSE_TYPE_CONNECT_SSL:
nsock_trace(ms, "Callback: %s %s %sfor EID %li [%s]",
nse_type2str(nse->type), nse_status2str(nse->status),
errstr, nse->id, get_peeraddr_string(nsi));
break;
case NSE_TYPE_READ:
if (nse->status != NSE_STATUS_SUCCESS) {
if (nsi->peerlen > 0) {
nsock_trace(ms, "Callback: %s %s %sfor EID %li [%s]",
nse_type2str(nse->type), nse_status2str(nse->status),
errstr, nse->id, get_peeraddr_string(nsi));
} else {
nsock_trace(ms, "Callback: %s %s %sfor EID %li (peer unspecified)",
nse_type2str(nse->type), nse_status2str(nse->status),
errstr, nse->id);
}
} else {
str = nse_readbuf(nse, &strlength);
if (ms->tracelevel > 1 && strlength < 80) {
memcpy(displaystr, ": ", 2);
memcpy(displaystr + 2, str, strlength);
displaystr[2 + strlength] = '\0';
replacenonprintable(displaystr + 2, strlength, '.');
} else {
displaystr[0] = '\0';
}
if (nsi->peerlen > 0) {
nsock_trace(ms, "Callback: %s %s for EID %li [%s] %s(%d bytes)%s",
nse_type2str(nse->type), nse_status2str(nse->status),
nse->id, get_peeraddr_string(nsi),
nse_eof(nse)? "[EOF]" : "", strlength, displaystr);
} else {
nsock_trace(ms, "Callback %s %s for EID %li (peer unspecified) %s(%d bytes)%s",
nse_type2str(nse->type), nse_status2str(nse->status),
nse->id, nse_eof(nse)? "[EOF]" : "", strlength, displaystr);
}
}
break;
case NSE_TYPE_WRITE:
nsock_trace(ms, "Callback: %s %s %sfor EID %li [%s]",
nse_type2str(nse->type), nse_status2str(nse->status), errstr,
nse->id, get_peeraddr_string(nsi));
break;
case NSE_TYPE_TIMER:
nsock_trace(ms, "Callback: %s %s %sfor EID %li",
nse_type2str(nse->type), nse_status2str(nse->status), errstr,
nse->id);
break;
#if HAVE_PCAP
case NSE_TYPE_PCAP_READ:
nsock_trace(ms, "Callback: %s %s %sfor EID %li ",
nse_type2str(nse->type), nse_status2str(nse->status),
errstr, nse->id);
break;
#endif
default:
assert(0);
break;
}
}
/* Adds an event to the appropriate nsp event list, handles housekeeping such as
* adjusting the descriptor select/poll lists, registering the timeout value,
* etc. */
void nsp_add_event(mspool *nsp, msevent *nse) {
if (nsp->tracelevel > 5)
nsock_trace(nsp, "NSE #%lu: Adding event", nse->id);
/* First lets do the event-type independent stuff, starting with timeouts */
if (nse->event_done) {
nsp->next_ev = nsock_tod;
} else {
if (nse->timeout.tv_sec != 0) {
if (nsp->next_ev.tv_sec == 0)
nsp->next_ev = nse->timeout;
else if (TIMEVAL_AFTER(nsp->next_ev, nse->timeout))
nsp->next_ev = nse->timeout;
}
}
nsp->events_pending++;
/* Now we do the event type specific actions */
switch(nse->type) {
case NSE_TYPE_CONNECT:
case NSE_TYPE_CONNECT_SSL:
if (!nse->event_done) {
assert(nse->iod->sd >= 0);
socket_count_read_inc(nse->iod);
socket_count_write_inc(nse->iod);
update_events(nse->iod, nsp, EV_READ|EV_WRITE|EV_EXCEPT, EV_NONE);
}
iod_add_event(nse->iod, nse);
break;
case NSE_TYPE_READ:
if (!nse->event_done) {
assert(nse->iod->sd >= 0);
socket_count_read_inc(nse->iod);
update_events(nse->iod, nsp, EV_READ, EV_NONE);
#if HAVE_OPENSSL
if (nse->iod->ssl)
nse->sslinfo.ssl_desire = SSL_ERROR_WANT_READ;
#endif
}
iod_add_event(nse->iod, nse);
break;
case NSE_TYPE_WRITE:
if (!nse->event_done) {
assert(nse->iod->sd >= 0);
socket_count_write_inc(nse->iod);
update_events(nse->iod, nsp, EV_WRITE, EV_NONE);
#if HAVE_OPENSSL
if (nse->iod->ssl)
nse->sslinfo.ssl_desire = SSL_ERROR_WANT_WRITE;
#endif
}
iod_add_event(nse->iod, nse);
break;
case NSE_TYPE_TIMER:
gh_list_append(&nsp->timer_events, nse);
break;
#if HAVE_PCAP
case NSE_TYPE_PCAP_READ: {
mspcap *mp = (mspcap *)nse->iod->pcap;
assert(mp);
if (mp->pcap_desc >= 0) { /* pcap descriptor present */
if (!nse->event_done) {
socket_count_readpcap_inc(nse->iod);
update_events(nse->iod, nsp, EV_READ, EV_NONE);
}
if (nsp->tracelevel > 8)
nsock_trace(nsp, "PCAP NSE #%lu: Adding event to READ_EVENTS", nse->id);
#if PCAP_BSD_SELECT_HACK
/* when using BSD hack we must do pcap_next() after select().
* Let's insert this pcap to bot queues, to selectable and nonselectable.
* This will result in doing pcap_next_ex() just before select() */
if (nsp->tracelevel > 8)
nsock_trace(nsp, "PCAP NSE #%lu: Adding event to PCAP_READ_EVENTS", nse->id);
#endif
} else {
/* pcap isn't selectable. Add it to pcap-specific queue. */
if (nsp->tracelevel > 8)
nsock_trace(nsp, "PCAP NSE #%lu: Adding event to PCAP_READ_EVENTS", nse->id);
}
iod_add_event(nse->iod, nse);
break;
}
#endif
default:
assert(0);
break; /* unreached */
}
}
/* Convert new nsiod to pcap descriptor. Other parameters have the same meaning
* as for pcap_open_live in pcap(3).
* device : pcap-style device name
* snaplen : size of packet to be copied to hanler
* promisc : whether to open device in promiscuous mode
* bpf_fmt : berkeley filter
* return value: NULL if everything was okay, or error string if error occurred. */
char* nsock_pcap_open(nsock_pool nsp, nsock_iod nsiod, const char *pcap_device, int snaplen,
int promisc, const char *bpf_fmt, ...) {
msiod *nsi = (msiod *)nsiod;
mspool *ms = (mspool *)nsp;
mspcap *mp = (mspcap *)nsi->pcap;
static char errorbuf[128];
char err0r[PCAP_ERRBUF_SIZE];
/* packet filter string */
char bpf[4096];
va_list ap;
int failed, datalink;
char *e;
gettimeofday(&nsock_tod, NULL);
#ifdef PCAP_CAN_DO_SELECT
#if PCAP_BSD_SELECT_HACK
/* MacOsX reports error if to_ms is too big (like INT_MAX) with error
* FAILED. Reported error: BIOCSRTIMEOUT: Invalid argument
* INT_MAX/6 (=357913941) seems to be working... */
int to_ms = 357913941;
#else
int to_ms = 200;
#endif /* PCAP_BSD_SELECT_HACK */
#else
int to_ms = 1;
#endif
if (mp)
return "nsock-pcap: this nsi already has pcap device opened";
mp = (mspcap *)safe_zalloc(sizeof(mspcap));
nsi->pcap = (void *)mp;
va_start(ap, bpf_fmt);
if (Vsnprintf(bpf, sizeof(bpf), bpf_fmt, ap) >= (int)sizeof(bpf)) {
va_end(ap);
return "nsock-pcap: nsock_pcap_open called with too-large bpf filter arg";
}
va_end(ap);
if (ms->tracelevel > 0)
nsock_trace(ms,
"PCAP requested on device '%s' with berkeley filter '%s' (promisc=%i snaplen=%i to_ms=%i) (IOD #%li)",
pcap_device,bpf, promisc, snaplen, to_ms, nsi->id);
failed = 0;
do {
mp->pt = pcap_open_live((char* )pcap_device, snaplen, promisc, to_ms, err0r);
if (mp->pt) /* okay, opened!*/
break;
/* sorry, something failed*/
if (++failed >= 3) {
mp->pcap_device = strdup(pcap_device);
fprintf(stderr,
"Call to pcap_open_live(%s, %d, %d, %d) failed three times. Reported error: %s\n"
"There are several possible reasons for this, depending on your operating system:\n"
"LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with PACKET enabled.\n"
"*BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).\n"
"*WINDOWS: Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2. Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.\n"
"SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use \"-PN -sT localhost\" though.\n\n",
pcap_device, snaplen, promisc, to_ms, err0r);
return "nsock-pcap: can't open pcap! Are you root?";
}
fprintf(stderr,
"pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s. Will wait %d seconds then retry.\n",
pcap_device, snaplen, promisc, to_ms, err0r, 4*failed);
sleep(4* failed);
} while (1);
e = nsock_pcap_set_filter(mp->pt, pcap_device, bpf);
if (e)
return e;
#ifdef WIN32
/* We want any responses back ASAP */
pcap_setmintocopy(mp->pt, 1);
#endif
mp->l3_offset = nsock_pcap_get_l3_offset(mp->pt, &datalink);
mp->snaplen = snaplen;
mp->datalink = datalink;
mp->pcap_device = strdup(pcap_device);
#ifdef PCAP_CAN_DO_SELECT
mp->pcap_desc = pcap_get_selectable_fd(mp->pt);
#else
mp->pcap_desc = -1;
#endif
mp->readsd_count = 0;
/* Without setting this ioctl, some systems (BSDs, though it depends on the
* release) will buffer packets in non-blocking mode and only return them in a
* bunch when the buffer is full. Setting the ioctl makes each one be
* delivered immediately. This is how Linux works by default. See the comments
* surrounding the setting of BIOCIMMEDIATE in libpcap/pcap-bpf.c. */
#ifdef BIOCIMMEDIATE
if (mp->pcap_desc != -1) {
int immediate = 1;
if (ioctl(mp->pcap_desc, BIOCIMMEDIATE, &immediate) < 0)
fatal("Cannot set BIOCIMMEDIATE on pcap descriptor");
}
#endif
/* Set device non-blocking */
if (pcap_setnonblock(mp->pt, 1, err0r) < 0) {
/* I can't do select() on pcap! blocking + no_select is fatal */
if(mp->pcap_desc < 0){
Snprintf(errorbuf, sizeof(errorbuf),
"nsock-pcap: Failed to set pcap descriptor on device %s to nonblocking state: %s",
pcap_device, err0r);
return errorbuf;
}
/* When we use bsd hack we also need to set non-blocking */
#ifdef PCAP_BSD_SELECT_HACK
Snprintf(errorbuf, sizeof(errorbuf),
"nsock-pcap: Failed to set pcap descriptor on device %s to nonblocking state: %s",
pcap_device, err0r);
return errorbuf;
#endif
/* in other case, we can accept blocking pcap */
fprintf(stderr, "Failed to set pcap descriptor on device %s to nonblocking state: %s",
pcap_device, err0r);
}
if (ms->tracelevel > 0)
nsock_trace(ms, "PCAP created successfully on device '%s' (pcap_desc=%i bsd_hack=%i to_valid=%i l3_offset=%i) (IOD #%li)",
pcap_device,
mp->pcap_desc,
#if PCAP_BSD_SELECT_HACK
1,
#else
0,
#endif
#if PCAP_RECV_TIMEVAL_VALID
1,
#else
0,
#endif
mp->l3_offset,
nsi->id);
return NULL;
}
int kqueue_loop(mspool *nsp, int msec_timeout) {
int results_left = 0;
int event_msecs; /* msecs before an event goes off */
int combined_msecs;
struct timespec ts, *ts_p;
int sock_err = 0;
struct kqueue_engine_info *kinfo = (struct kqueue_engine_info *)nsp->engine_data;
assert(msec_timeout >= -1);
if (nsp->events_pending == 0)
return 0; /* No need to wait on 0 events ... */
if (GH_LIST_COUNT(&nsp->active_iods) > kinfo->evlen) {
kinfo->evlen = GH_LIST_COUNT(&nsp->active_iods) * 2;
kinfo->events = (struct kevent *)safe_realloc(kinfo->events, kinfo->evlen * sizeof(struct kevent));
}
do {
if (nsp->tracelevel > 6)
nsock_trace(nsp, "wait_for_events");
if (nsp->next_ev.tv_sec == 0)
event_msecs = -1; /* None of the events specified a timeout */
else
event_msecs = MAX(0, TIMEVAL_MSEC_SUBTRACT(nsp->next_ev, nsock_tod));
#if HAVE_PCAP
#ifndef PCAP_CAN_DO_SELECT
/* Force a low timeout when capturing packets on systems where
* the pcap descriptor is not select()able. */
if (GH_LIST_COUNT(&nsp->pcap_read_events) > 0)
if (event_msecs > PCAP_POLL_INTERVAL)
event_msecs = PCAP_POLL_INTERVAL;
#endif
#endif
/* We cast to unsigned because we want -1 to be very high (since it means no
* timeout) */
combined_msecs = MIN((unsigned)event_msecs, (unsigned)msec_timeout);
/* Set up the timeval pointer we will give to kevent() */
memset(&ts, 0, sizeof(struct timespec));
if (combined_msecs >= 0) {
ts.tv_sec = combined_msecs / 1000;
ts.tv_nsec = (combined_msecs % 1000) * 1000000L;
ts_p = &ts;
} else {
ts_p = NULL;
}
#if HAVE_PCAP
#ifndef PCAP_CAN_DO_SELECT
/* do non-blocking read on pcap devices that doesn't support select()
* If there is anything read, just leave this loop. */
if (pcap_read_on_nonselect(nsp)) {
/* okay, something was read. */
} else
#endif
#endif
{
results_left = kevent(kinfo->kqfd, NULL, 0, kinfo->events, kinfo->evlen, ts_p);
if (results_left == -1)
sock_err = socket_errno();
}
gettimeofday(&nsock_tod, NULL); /* Due to kevent delay */
} while (results_left == -1 && sock_err == EINTR); /* repeat only if signal occurred */
if (results_left == -1 && sock_err != EINTR) {
nsock_trace(nsp, "nsock_loop error %d: %s", sock_err, socket_strerror(sock_err));
nsp->errnum = sock_err;
return -1;
}
iterate_through_event_lists(nsp, results_left);
return 1;
}
int select_loop(mspool *nsp, int msec_timeout) {
int results_left = 0;
int event_msecs; /* msecs before an event goes off */
int combined_msecs;
int sock_err = 0;
struct timeval select_tv;
struct timeval *select_tv_p;
struct select_engine_info *sinfo = (struct select_engine_info *)nsp->engine_data;
assert(msec_timeout >= -1);
if (nsp->events_pending == 0)
return 0; /* No need to wait on 0 events ... */
do {
if (nsp->tracelevel > 6)
nsock_trace(nsp, "wait_for_events");
if (nsp->next_ev.tv_sec == 0)
event_msecs = -1; /* None of the events specified a timeout */
else
event_msecs = MAX(0, TIMEVAL_MSEC_SUBTRACT(nsp->next_ev, nsock_tod));
#if HAVE_PCAP
#ifndef PCAP_CAN_DO_SELECT
/* Force a low timeout when capturing packets on systems where
* the pcap descriptor is not select()able. */
if (GH_LIST_COUNT(&nsp->pcap_read_events))
if (event_msecs > PCAP_POLL_INTERVAL)
event_msecs = PCAP_POLL_INTERVAL;
#endif
#endif
/* We cast to unsigned because we want -1 to be very high (since it means no
* timeout) */
combined_msecs = MIN((unsigned)event_msecs, (unsigned)msec_timeout);
/* Set up the timeval pointer we will give to select() */
memset(&select_tv, 0, sizeof(select_tv));
if (combined_msecs > 0) {
select_tv.tv_sec = combined_msecs / 1000;
select_tv.tv_usec = (combined_msecs % 1000) * 1000;
select_tv_p = &select_tv;
} else if (combined_msecs == 0) {
/* we want the tv_sec and tv_usec to be zero but they already are from bzero */
select_tv_p = &select_tv;
} else {
assert(combined_msecs == -1);
select_tv_p = NULL;
}
#if HAVE_PCAP
#ifndef PCAP_CAN_DO_SELECT
/* do non-blocking read on pcap devices that doesn't support select()
* If there is anything read, just leave this loop. */
if (pcap_read_on_nonselect(nsp)) {
/* okay, something was read. */
} else
#endif
#endif
{
/* Set up the descriptors for select */
sinfo->fds_results_r = sinfo->fds_master_r;
sinfo->fds_results_w = sinfo->fds_master_w;
sinfo->fds_results_x = sinfo->fds_master_x;
results_left = fselect(sinfo->max_sd + 1, &sinfo->fds_results_r,
&sinfo->fds_results_w, &sinfo->fds_results_x, select_tv_p);
if (results_left == -1)
sock_err = socket_errno();
}
gettimeofday(&nsock_tod, NULL); /* Due to select delay */
} while (results_left == -1 && sock_err == EINTR); /* repeat only if signal occurred */
if (results_left == -1 && sock_err != EINTR) {
nsock_trace(nsp, "nsock_loop error %d: %s", sock_err, socket_strerror(sock_err));
nsp->errnum = sock_err;
return -1;
}
iterate_through_event_lists(nsp);
return 1;
}
/* Same as nsock_write except you can use a printf-style format and you can only use this for ASCII strings */
nsock_event_id nsock_printf(nsock_pool ms_pool, nsock_iod ms_iod,
nsock_ev_handler handler, int timeout_msecs,
void *userdata, char *format, ... ) {
mspool *nsp = (mspool *) ms_pool;
msiod *nsi = (msiod *) ms_iod;
msevent *nse;
char buf[4096];
char *buf2 = NULL;
int res, res2;
int strlength = 0;
char displaystr[256];
va_list ap;
va_start(ap,format);
nse = msevent_new(nsp, NSE_TYPE_WRITE, nsi, timeout_msecs, handler,
userdata);
assert(nse);
res = Vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
if (res != -1) {
if (res > sizeof(buf)) {
buf2 = (char * ) safe_malloc(res + 16);
res2 = Vsnprintf(buf2, sizeof(buf), format, ap);
if (res2 == -1 || res2 > res) {
free(buf2);
buf2 = NULL;
} else strlength = res2;
} else {
buf2 = buf;
strlength = res;
}
}
if (!buf2) {
nse->event_done = 1;
nse->status = NSE_STATUS_ERROR;
nse->errnum = EMSGSIZE;
} else {
if (strlength == 0) {
nse->event_done = 1;
nse->status = NSE_STATUS_SUCCESS;
} else {
fscat(&nse->iobuf, buf2, strlength);
}
}
if (nsp->tracelevel > 0) {
if (nsp->tracelevel > 1 && nse->status != NSE_STATUS_ERROR && strlength < 80) {
memcpy(displaystr, ": ", 2);
memcpy(displaystr + 2, buf2, strlength);
displaystr[2 + strlength] = '\0';
replacenonprintable(displaystr + 2, strlength, '.');
} else displaystr[0] = '\0';
if (nsi->peerlen > 0)
nsock_trace(nsp, "Write request for %d bytes to IOD #%li EID %li [%s:%hu]%s", strlength, nsi->id,
nse->id, inet_ntop_ez(&nsi->peer, nsi->peerlen), nsi_peerport(nsi), displaystr);
else
nsock_trace(nsp, "Write request for %d bytes to IOD #%li EID %li (peer unspecified)%s", strlength,
nsi->id, nse->id, displaystr);
}
if (buf2 != buf) {
free(buf2);
}
nsp_add_event(nsp, nse);
return nse->id;
}
/* If msiod_new returned success, you must free the iod when you are
done with it to conserve memory (and in some cases, sockets).
After this call, nsockiod may no longer be used -- you need to
create a new one with nsi_new(). pending_response tells what to do
with any events that are pending on this nsock_iod. This can be
NSOCK_PENDING_NOTIFY (send a KILL notification to each event),
NSOCK_PENDING_SILENT (do not send notification to the killed
events), or NSOCK_PENDING_ERROR (print an error message and quiit
the program) */
void nsi_delete(nsock_iod nsockiod, int pending_response) {
msiod *nsi = (msiod *) nsockiod;
gh_list *elist_ar[3];
int elist;
gh_list_elem *currev_elem, *next_elem;
msevent *currev;
assert(nsi);
if (nsi->state == NSIOD_STATE_DELETED) {
fatal("nsi_delete() called on nsock_iod which appears to have already been deleted");
}
if (nsi->events_pending > 0) {
/* shit -- they killed the msiod while an event was still pending
on it. Maybe I should store the pending events in the msiod.
On the other hand, this should be a pretty rare occurance and
so I'll save space and hassle by just locating the events here
by searching through the active events list */
if (pending_response == NSOCK_PENDING_ERROR)
fatal("nsi_delete called with argument NSOCK_PENDING_ERROR on a nsock_iod that has %d pending event(s) associated with it", nsi->events_pending);
assert(pending_response == NSOCK_PENDING_NOTIFY ||
pending_response == NSOCK_PENDING_SILENT);
elist_ar[0] = &(nsi->nsp->evl.read_events);
elist_ar[1] = &(nsi->nsp->evl.write_events);
elist_ar[2] = &(nsi->nsp->evl.connect_events);
for(elist = 0; elist < 3 && nsi->events_pending > 0; elist++) {
currev_elem = GH_LIST_FIRST_ELEM(elist_ar[elist]);
while(currev_elem) {
currev = (msevent *) GH_LIST_ELEM_DATA(currev_elem);
next_elem = GH_LIST_ELEM_NEXT(currev_elem);
if (currev->iod == nsi) {
// OK - we found an event pending on this IOD. Kill it.
// printf("Found an outstanding event (out of %d), removing\n", nsi->events_pending);
msevent_cancel(nsi->nsp, currev, elist_ar[elist], currev_elem, pending_response == NSOCK_PENDING_NOTIFY);
}
if (nsi->events_pending == 0)
break;
currev_elem = next_elem;
}
}
}
if (nsi->events_pending != 0)
fatal("Trying to delete NSI, but could not find %d of the purportedly pending events on that IOD.\n", nsi->events_pending);
#if HAVE_OPENSSL
/* Close any SSL resources */
if (nsi->ssl) {
/* No longer free session because copy nsi stores is not reference counted */
/* if (nsi->ssl_session)
SSL_SESSION_free(nsi->ssl_session);
nsi->ssl_session = NULL; */
if (SSL_shutdown(nsi->ssl) == -1) {
if (nsi->nsp->tracelevel > 1)
nsock_trace(nsi->nsp,
"nsi_delete(): SSL shutdown failed (%s) on NSI %li",
ERR_reason_error_string(SSL_get_error(nsi->ssl, -1)),
nsi->id);
}
/* I don't really care if the SSL_shutdown() succeeded politely. I could
make the SD blocking temporarily for this, but I'm hoping it will
succeed 95% of the time because we can usually write to a socket. */
SSL_free(nsi->ssl);
nsi->ssl = NULL;
}
#endif
if (nsi->sd >= 0) {
close(nsi->sd);
nsi->sd = -1;
}
nsi->state = NSIOD_STATE_DELETED;
nsi->userdata = NULL;
gh_list_remove_elem(&nsi->nsp->active_iods, nsi->entry_in_nsp_active_iods);
gh_list_prepend(&nsi->nsp->free_iods, nsi);
}
