static void do_tcp_connection_destroy(void *userdata) { tcp_connection_t* connection = (tcp_connection_t*)userdata; if (buffer_readablebytes(connection->out_buffer) > 0) { channel_clearevent(connection->channel, EPOLLIN); channel_setevent(connection->channel, EPOLLOUT); connection->need_closed_after_sent_done = 1; } else { if (connection->is_in_callback) { connection->is_alive = 0; } else { delete_connection(connection); } } return; }
/** * Shutdown a connection and all associated. Also frees the * proxy_connection structure and removes it from the * connection_context. * * @access private * @param fd_set master * @param connection_context * * @param int hsocket * @return int success */ int _shutdown_connections(fd_set *master, connection_context *ctx, int hSocket) { proxy_connection *conn; /* Retrieve the connection context */ if (NULL == (conn= get_connection_by_socket (ctx, hSocket))) { ERR ("Unable to find proxy connection in context"); return 0; } /* Perform filter shutdown */ csta_filter_shutdown(conn); /* Close all associated sockets */ if (conn->hServer) { close (conn->hServer); FD_CLR(conn->hServer, master); } if (conn->hClient) { close (conn->hClient); FD_CLR(conn->hClient, master); } /* Now free anything left */ delete_connection(ctx, conn); free_connection(&conn); return 1; }
static void delete_clicked (GtkButton *button, gpointer user_data) { NMConnectionList *list = user_data; NMRemoteConnection *connection; connection = get_active_connection (list->connection_list); g_return_if_fail (connection != NULL); delete_connection (GTK_WINDOW (list->dialog), connection, delete_connection_cb, list); }
//for array_data_ports void set_outports(BASE_CL *st, int num){ if (st->outports<=num){ st->outports = num; return; } for (int i=num;i<st->outports;i++){ for (int j=0;j<MAX_CONNECTS;j++){ if (st->out[j].from_port==i){ delete_connection(&st->out[j]); } } } st->outports = num; get_session_length(); }
void connection_pool::delete_connection(int16_t id) { delete_connection(&m_connections[id]); }
/* FIXME: This should be in userspace. Later. */ static int help(const struct iphdr *iph, size_t len, struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) { /* tcplen not negative guaranteed by ip_conntrack_tcp.c */ struct tcphdr *tcph = (void *)iph + iph->ihl * 4; unsigned int tcplen = iph->tot_len - iph->ihl * 4; // int dir = CTINFO2DIR(ctinfo); struct pptp_pkt_hdr *pptph; pptph = (struct pptp_pkt_hdr *) ((char *) iph + sizeof(struct iphdr) + sizeof(struct tcphdr)); /* Until there's been traffic both ways, don't look in packets. */ if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY) { DEBUGP("pptp: Conntrackinfo = %u\n", ctinfo); return NF_ACCEPT; } /* If we get a FIN or RST, this connection's going down, and so is */ /* the GRE tunnel. Deal. */ if (tcph->rst || tcph->fin) { DEBUGP("pptp: bringing down gre connection.\n"); delete_connection(ct, ctinfo); } /* Not whole TCP header? */ if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff*4) { DEBUGP("pptp: tcplen = %u\n", (unsigned)tcplen); return NF_ACCEPT; } /* Checksum invalid? Ignore. */ /* FIXME: Source route IP option packets --RR */ if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr, csum_partial((char *)tcph, tcplen, 0))) { DEBUGP("pptp_help: bad csum: %p %u %u.%u.%u.%u %u.%u.%u.%u\n", tcph, tcplen, NIPQUAD(iph->saddr), NIPQUAD(iph->daddr)); /* WHAT?!? Win2k seems to send OUT_CALL_REQ packets with bogus checksums... */ /* return NF_ACCEPT; */ } /* verify we have data (i.e. pptph points before end of packet) */ if ((void *) pptph >= (void *) ((iph) + len)) { DEBUGP("pptp_help(): no TCP data in pkt\n"); return NF_ACCEPT; } /* if it's not a control message we can't do anything with it */ if (ntohs(pptph->packetType) != PPTP_CONTROL_PACKET || ntohl(pptph->magicCookie) != PPTP_MAGIC_COOKIE) { DEBUGP("pptp_help(): not a control pkt\n"); return NF_ACCEPT; } if(ctinfo >= IP_CT_IS_REPLY) ip_inbound_pptp_tcp(iph, ct, ctinfo); else ip_outbound_pptp_tcp(iph, ct, ctinfo); return NF_ACCEPT; }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc != 3 && argc!=4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name>\n", progname); exit(10); } /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } tool_init_log(); load_oswcrypto(); init_fake_vendorid(); init_fake_secrets(); init_local_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(11); send_packet_setup_pcap("OUTPUT/" TESTNAME ".pcap"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); //list_public_keys(FALSE, FALSE); #ifndef SKIP_ORIENT_ASSERT assert(orient(c1, 500)); #endif show_one_connection(c1); #ifndef SKIP_INITIATE /* do calculation if not -r for regression */ st = sendI1(c1, DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE, regression == 0); st = state_with_serialno(1); if(st!=NULL) { delete_state(st); free_state(st); } #endif delete_connection(c1, TRUE); report_leaks(); tool_close_log(); exit(0); }
main(int argc, char *argv[]) { int len; char *infile; char *conn_name; int lineno=0; int regression = 0; struct connection *c1; struct state *st; #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; /* skip argv0 */ argc--; argv++; if(strcmp(argv[0], "-r")==0) { regression = 1; argc--; argv++; } if(argc != 4) { fprintf(stderr, "Usage: %s [-r] <whackrecord> <conn-name> <pcapfile> <pcapout>\n", progname); exit(10); } tool_init_log(); init_crypto(); load_oswcrypto(); init_fake_vendorid(); init_parker_interface(); infile = argv[0]; conn_name = argv[1]; cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(10); /* input packets */ recv_pcap_setup(argv[2]); /* output first packets to /dev/null */ send_packet_setup_pcap("/dev/null"); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); assert(orient(c1, 500)); show_one_connection(c1); st = sendI1(c1, DBG_CONTROL, regression == 0); /* now accept the reply packet */ cur_debugging = DBG_CONTROL|DBG_PARSING; /* now output interesting packet to capture file */ send_packet_setup_pcap(argv[3]); pcap_dispatch(pt, 1, recv_pcap_packet, NULL); pcap_close(pt); recv_pcap_setup(argv[2]); pcap_dispatch(pt, 1, recv_pcap_packet, NULL); /* dump the delete message that comes out */ send_packet_setup_pcap("/dev/null"); delete_connection(c1, TRUE); st = state_with_serialno(1); if(st!=NULL) { free_state(st); } report_leaks(); tool_close_log(); exit(0); }
static void connection_onevent(int fd, int event, void* userdata) { tcp_connection_t *connection = (tcp_connection_t*)userdata; inetaddr_t *peer_addr = &connection->peer_addr; buffer_t* in_buffer; buffer_t* out_buffer; void* data; unsigned size; unsigned written; int error; log_debug("connection_onevent: fd(%d), event(%d), peer addr: %s:%u", fd, event, peer_addr->ip, peer_addr->port); if (event & EPOLLHUP) { connection->is_connected = 0; connection->is_in_callback = 1; connection->closecb(connection, connection->userdata); connection->is_in_callback = 0; } else { if (event & EPOLLIN) { if (connection->need_closed_after_sent_done == 0) { in_buffer = connection->in_buffer; size = buffer_readFd(in_buffer, connection->fd); if (0 == size) { assert(NULL != connection->closecb); connection->is_connected = 0; connection->is_in_callback = 1; connection->closecb(connection, connection->userdata); connection->is_in_callback = 0; } else { assert(NULL != connection->datacb); connection->is_in_callback = 1; connection->datacb(connection, in_buffer, connection->userdata); connection->is_in_callback = 0; } } else { char temp[256]; while (read(fd, temp, sizeof(temp)) > 0); } } if (event & EPOLLOUT) { out_buffer = connection->out_buffer; data = buffer_peek(out_buffer); size = buffer_readablebytes(out_buffer); written = write(connection->fd, data, size); if (written < 0) { error = errno; if (error != EAGAIN && error != EINTR) { log_error("connection_onevent: write() failed, fd(%d), errno(%d), peer addr: %s:%u", fd, error, peer_addr->ip, peer_addr->port); return; } else { written = 0; } } buffer_retrieve(out_buffer, written); if(written >= size) { channel_clearevent(connection->channel, EPOLLOUT); if (connection->need_closed_after_sent_done) { connection->is_alive = 0; } } } } if (0 == connection->is_alive) { delete_connection(connection); } return; }
/* called when an inotify event is received */ static void process_inotify(int fd) { int bytes; /* union to avoid strict-aliasing problems */ union { char buffer[256]; /* a tad large */ struct inotify_event event; } eventbuf; bytes = read(fd, &eventbuf.buffer, sizeof(eventbuf.buffer)); acpid_log(LOG_DEBUG, "inotify read bytes: %d", bytes); /* eof is not expected */ if (bytes == 0) { acpid_log(LOG_WARNING, "inotify fd eof encountered"); return; } else if (bytes < 0) { /* EINVAL means buffer wasn't big enough. See inotify(7). */ acpid_log(LOG_ERR, "inotify read error: %s (%d)", strerror(errno), errno); acpid_log(LOG_ERR, "disconnecting from inotify"); delete_connection(fd); return; } acpid_log(LOG_DEBUG, "inotify name len: %d", eventbuf.event.len); const int dnsize = 256; char devname[dnsize]; /* if a name is included */ if (eventbuf.event.len > 0) { /* devname = ACPID_INPUTLAYERDIR + "/" + pevent -> name */ strcpy(devname, ACPID_INPUTLAYERDIR); strcat(devname, "/"); strncat(devname, eventbuf.event.name, dnsize - strlen(devname) - 1); } /* if this is a create */ if (eventbuf.event.mask & IN_CREATE) { acpid_log(LOG_DEBUG, "inotify about to open: %s", devname); open_inputfile(devname); } /* if this is a delete */ if (eventbuf.event.mask & IN_DELETE) { /* struct connection *c; */ acpid_log(LOG_DEBUG, "inotify received a delete for: %s", devname); #if 0 /* Switching back to the original ENODEV detection scheme. See process_input() in input_layer.c. */ /* keeping this for future reference */ /* search for the event file in the connection list */ /* ??? Or should we just have a delete_connection_name()? */ c = find_connection_name(devname); /* close that connection if found */ if (c) delete_connection(c->fd); #endif } }
int main(int argc, char *argv[]) { int len; char *infile, *pcapin, *pcapout; char *conn_name; int lineno=0; struct connection *c1; struct state *st; char eb1[256]; /* error buffer for pcap open */ #ifdef HAVE_EFENCE EF_PROTECT_FREE=1; #endif progname = argv[0]; leak_detective = 1; if(argc <= 4) { usage: fprintf(stderr, "Usage: %s <whackrecord> <conn-name> <pcapin> <pcapout>\n", progname); exit(10); } /* argv[1] == "-r" ?? */ tool_init_log(); init_crypto(); init_fake_vendorid(); init_fake_secrets(); init_jamesjohnson_interface(); infile = NULL; conn_name = NULL; pcapin = NULL; pcapout = NULL; argc--; argv++; if(argc > 0) { infile = argv[0]; argc--; argv++; } if(argc > 0) { conn_name = argv[0]; argc--; argv++; } if(argc > 0) { pcapin = argv[0]; argc--; argv++; } if(argc > 0) { pcapout = argv[0]; argc--; argv++; } if(conn_name == NULL || infile == NULL || pcapin == NULL || pcapout == NULL) { goto usage; } cur_debugging = DBG_CONTROL|DBG_CONTROLMORE; if(readwhackmsg(infile) == 0) exit(10); c1 = con_by_name(conn_name, TRUE); assert(c1 != NULL); assert(orient(c1, 500)); show_one_connection(c1, whack_log); send_packet_setup_pcap(pcapout); /* setup to process the I1 packet */ recv_pcap_setup(pcapin); cur_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE; pcap_dispatch(pt, 1, recv_pcap_packet, NULL); /* clean up so that we can see any leaks */ st = state_with_serialno(1); if(st!=NULL) { delete_state(st); free_state(st); } delete_connection(c1, TRUE); report_leaks(); tool_close_log(); exit(0); }
/* Handle a kernel request. Supposedly, there's a message in * the kernelsock socket. */ void whack_handle(int whackctlfd) { struct whack_message msg; struct sockaddr_un whackaddr; int whackaddrlen = sizeof(whackaddr); int whackfd = accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen); ssize_t n; if (whackfd < 0) { log_errno((e, "accept() failed in whack_handle()")); return; } n = read(whackfd, &msg, sizeof(msg)); if (n == -1) { log_errno((e, "read() failed in whack_handle()")); close(whackfd); return; } whack_log_fd = whackfd; /* sanity check message */ { err_t ugh = NULL; next_str = msg.string; str_roof = (char *)&msg + n; if (next_str > str_roof) { ugh = builddiag("truncated message from whack: got %d bytes; expected %d. Message ignored." , n, (int) sizeof(msg)); } else if (msg.magic != WHACK_MAGIC) { ugh = builddiag("message from whack has bad magic %d; should be %d; probably wrong version. Message ignored" , msg.magic, WHACK_MAGIC); } else if (!unpack_str(&msg.name) /* string 1 */ || !unpack_str(&msg.left.id) /* string 2 */ || !unpack_str(&msg.left.cert) /* string 3 */ || !unpack_str(&msg.left.updown) /* string 4 */ #ifdef VIRTUAL_IP || !unpack_str(&msg.left.virt) #endif || !unpack_str(&msg.right.id) /* string 5 */ || !unpack_str(&msg.right.cert) /* string 6 */ || !unpack_str(&msg.right.updown) /* string 7 */ #ifdef VIRTUAL_IP || !unpack_str(&msg.right.virt) #endif || !unpack_str(&msg.keyid) /* string 8 */ || !unpack_str(&msg.ike) /* string 9 */ || !unpack_str(&msg.esp) /* string 10 */ || !unpack_str(&msg.dnshostname) /* string 11 */ || str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */ { ugh = "message from whack contains bad string"; } else { msg.keyval.ptr = next_str; /* grab chunk */ } if (ugh != NULL) { loglog(RC_BADWHACKMESSAGE, "%s", ugh); whack_log_fd = NULL_FD; close(whackfd); return; } } if (msg.whack_options) { #ifdef DEBUG if (msg.name == NULL) { /* we do a two-step so that if either old or new would * cause the message to print, it will be printed. */ cur_debugging |= msg.debugging; DBG(DBG_CONTROL , DBG_log("base debugging = %s" , bitnamesof(debug_bit_names, msg.debugging))); cur_debugging = base_debugging = msg.debugging; } else if (!msg.whack_connection) { struct connection *c = con_by_name(msg.name, TRUE); if (c != NULL) { c->extra_debugging = msg.debugging; DBG(DBG_CONTROL , DBG_log("\"%s\" extra_debugging = %s" , c->name , bitnamesof(debug_bit_names, c->extra_debugging))); } } #endif } /* Deleting combined with adding a connection works as replace. * To make this more useful, in only this combination, * delete will silently ignore the lack of the connection. */ if (msg.whack_delete) { struct connection *c = con_by_name(msg.name, !msg.whack_connection); /* note: this is a "while" because road warrior * leads to multiple connections with the same name. */ for (; c != NULL; c = con_by_name(msg.name, FALSE)) delete_connection(c); } if (msg.whack_deletestate) { struct state *st = state_with_serialno(msg.whack_deletestateno); if (st == NULL) { loglog(RC_UNKNOWN_NAME, "no state #%lu to delete" , msg.whack_deletestateno); } else { delete_state(st); } } if (msg.whack_connection) add_connection(&msg); /* process "listen" before any operation that could require it */ if (msg.whack_listen) { log("listening for IKE messages"); listening = TRUE; find_ifaces(); load_preshared_secrets(); } if (msg.whack_unlisten) { log("no longer listening for IKE messages"); listening = FALSE; } if (msg.whack_reread & REREAD_SECRETS) { load_preshared_secrets(); } if (msg.whack_reread & REREAD_MYCERT) { load_mycert(); } if (msg.whack_reread & REREAD_CACERTS) { load_cacerts(); } if (msg.whack_reread & REREAD_CRLS) { load_crls(); } if (msg.whack_list & LIST_PUBKEYS) { list_public_keys(msg.whack_utc); } if (msg.whack_list & LIST_CERTS) { list_certs(msg.whack_utc); } if (msg.whack_list & LIST_CACERTS) { list_cacerts(msg.whack_utc); } if (msg.whack_list & LIST_CRLS) { list_crls(msg.whack_utc); } if (msg.whack_key) { /* add a public key */ struct id keyid; err_t ugh = atoid(msg.keyid, &keyid); if (ugh != NULL) { loglog(RC_BADID, "bad --keyid \"%s\": %s", msg.keyid, ugh); } else { if (!msg.whack_addkey) delete_public_keys(&keyid, msg.pubkey_alg); if (msg.keyval.len == 0) { struct key_add_continuation *kc = alloc_thing(struct key_add_continuation , "key add continuation"); int wfd = dup_any(whackfd); kc->whack_fd = wfd; ugh = start_adns_query(&keyid , NULL , T_KEY , key_add_continue , &kc->ac); if (ugh != NULL) { key_add_ugh(&keyid, ugh); close_any(wfd); } } else { ugh = add_public_key(&keyid, DAL_LOCAL, msg.pubkey_alg , &msg.keyval, &pubkeys); if (ugh != NULL) loglog(RC_LOG_SERIOUS, "%s", ugh); } } }