void
ssl_connect(int s, short event, void *arg)
{
struct ctl_tcp_event *cte = arg;
int retry_flag = 0;
int tls_err = 0;
int ret;
if (event == EV_TIMEOUT) {
cte->host->up = HOST_DOWN;
hce_notify_done(cte->host, HCE_TLS_CONNECT_TIMEOUT);
ssl_cleanup(cte);
return;
}
ret = SSL_connect(cte->ssl);
if (ret <= 0) {
tls_err = SSL_get_error(cte->ssl, ret);
switch (tls_err) {
case SSL_ERROR_WANT_READ:
retry_flag = EV_READ;
goto retry;
case SSL_ERROR_WANT_WRITE:
retry_flag = EV_WRITE;
goto retry;
default:
cte->host->up = HOST_DOWN;
ssl_error(cte->host->conf.name, "cannot connect");
hce_notify_done(cte->host, HCE_TLS_CONNECT_FAIL);
ssl_cleanup(cte);
return;
}
}
if (cte->table->conf.check == CHECK_TCP) {
cte->host->up = HOST_UP;
hce_notify_done(cte->host, HCE_TLS_CONNECT_OK);
ssl_cleanup(cte);
return;
}
if (cte->table->sendbuf != NULL) {
event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_write,
&cte->tv_start, &cte->table->conf.timeout, cte);
return;
}
if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL)
fatalx("ssl_connect: cannot create dynamic buffer");
event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_READ, ssl_read,
&cte->tv_start, &cte->table->conf.timeout, cte);
return;
retry:
event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_connect,
&cte->tv_start, &cte->table->conf.timeout, cte);
}
int
relay_dns_request(struct rsession *con)
{
struct relay *rlay = (struct relay *)con->se_relay;
struct relay_dns_priv *priv = (struct relay_dns_priv *)con->se_priv;
u_int8_t *buf = EVBUFFER_DATA(con->se_out.output);
size_t len = EVBUFFER_LENGTH(con->se_out.output);
struct relay_dnshdr *hdr;
socklen_t slen;
if (buf == NULL || priv == NULL || len < 1)
return (-1);
if (debug)
relay_dns_log(con, buf, len);
if (gettimeofday(&con->se_tv_start, NULL) == -1)
return (-1);
if (rlay->rl_dsttable != NULL) {
if (relay_from_table(con) != 0)
return (-1);
} else if (con->se_out.ss.ss_family == AF_UNSPEC) {
bcopy(&rlay->rl_conf.dstss, &con->se_out.ss,
sizeof(con->se_out.ss));
con->se_out.port = rlay->rl_conf.dstport;
}
if ((con->se_out.s = relay_udp_socket(&con->se_out.ss,
con->se_out.port, rlay->rl_proto)) == -1)
return (-1);
slen = con->se_out.ss.ss_len;
hdr = (struct relay_dnshdr *)buf;
hdr->dns_id = htons(priv->dp_inkey);
retry:
if (sendto(con->se_out.s, buf, len, 0,
(struct sockaddr *)&con->se_out.ss, slen) == -1) {
if (con->se_retry) {
con->se_retry--;
log_debug("%s: session %d: "
"forward failed: %s, %s", __func__,
con->se_id, strerror(errno),
con->se_retry ? "next retry" : "last retry");
goto retry;
}
log_debug("%s: session %d: forward failed: %s", __func__,
con->se_id, strerror(errno));
return (-1);
}
event_again(&con->se_ev, con->se_out.s, EV_TIMEOUT|EV_READ,
relay_udp_response, &con->se_tv_start, &env->sc_timeout, con);
return (0);
}
void
tcp_host_up(int s, struct ctl_tcp_event *cte)
{
cte->s = s;
switch (cte->table->conf.check) {
case CHECK_TCP:
if (cte->table->conf.flags & F_SSL)
break;
close(s);
hce_notify_done(cte->host, HCE_TCP_CONNECT_OK);
return;
case CHECK_HTTP_CODE:
cte->validate_read = NULL;
cte->validate_close = check_http_code;
break;
case CHECK_HTTP_DIGEST:
cte->validate_read = NULL;
cte->validate_close = check_http_digest;
break;
case CHECK_SEND_EXPECT:
cte->validate_read = check_send_expect;
cte->validate_close = check_send_expect;
break;
}
if (cte->table->conf.flags & F_SSL) {
ssl_transaction(cte);
return;
}
if (cte->table->sendbuf != NULL) {
cte->req = cte->table->sendbuf;
event_again(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_send_req,
&cte->tv_start, &cte->table->conf.timeout, cte);
return;
}
if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL)
fatalx("tcp_host_up: cannot create dynamic buffer");
event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, tcp_read_buf,
&cte->tv_start, &cte->table->conf.timeout, cte);
}
void
tcp_send_req(int s, short event, void *arg)
{
struct ctl_tcp_event *cte = arg;
int bs;
int len;
if (event == EV_TIMEOUT) {
cte->host->up = HOST_DOWN;
close(cte->s);
hce_notify_done(cte->host, HCE_TCP_WRITE_TIMEOUT);
return;
}
len = strlen(cte->req);
do {
bs = write(s, cte->req, len);
if (bs == -1) {
if (errno == EAGAIN || errno == EINTR)
goto retry;
log_warnx("%s: cannot send request", __func__);
cte->host->up = HOST_DOWN;
close(cte->s);
hce_notify_done(cte->host, HCE_TCP_WRITE_FAIL);
return;
}
cte->req += bs;
len -= bs;
} while (len > 0);
if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) == NULL)
fatalx("tcp_send_req: cannot create dynamic buffer");
event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, tcp_read_buf,
&cte->tv_start, &cte->table->conf.timeout, cte);
return;
retry:
event_again(&cte->ev, s, EV_TIMEOUT|EV_WRITE, tcp_send_req,
&cte->tv_start, &cte->table->conf.timeout, cte);
}
void
tcp_read_buf(int s, short event, void *arg)
{
ssize_t br;
char rbuf[SMALL_READ_BUF_SIZE];
struct ctl_tcp_event *cte = arg;
if (event == EV_TIMEOUT) {
cte->host->up = HOST_DOWN;
ibuf_free(cte->buf);
close(s);
hce_notify_done(cte->host, HCE_TCP_READ_TIMEOUT);
return;
}
bzero(rbuf, sizeof(rbuf));
br = read(s, rbuf, sizeof(rbuf) - 1);
switch (br) {
case -1:
if (errno == EAGAIN || errno == EINTR)
goto retry;
cte->host->up = HOST_DOWN;
ibuf_free(cte->buf);
close(cte->s);
hce_notify_done(cte->host, HCE_TCP_READ_FAIL);
return;
case 0:
cte->host->up = HOST_DOWN;
(void)cte->validate_close(cte);
close(cte->s);
ibuf_free(cte->buf);
hce_notify_done(cte->host, cte->host->he);
return;
default:
if (ibuf_add(cte->buf, rbuf, br) == -1)
fatal("tcp_read_buf: buf_add error");
if (cte->validate_read != NULL) {
if (cte->validate_read(cte) != 0)
goto retry;
close(cte->s);
ibuf_free(cte->buf);
hce_notify_done(cte->host, cte->host->he);
return;
}
break; /* retry */
}
retry:
event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, tcp_read_buf,
&cte->tv_start, &cte->table->conf.timeout, cte);
}
void
ssl_transaction(struct ctl_tcp_event *cte)
{
if (cte->ssl == NULL) {
cte->ssl = SSL_new(cte->table->ssl_ctx);
if (cte->ssl == NULL) {
ssl_error(cte->host->conf.name, "cannot create object");
fatal("cannot create SSL object");
}
}
if (SSL_set_fd(cte->ssl, cte->s) == 0) {
cte->host->up = HOST_UNKNOWN;
ssl_error(cte->host->conf.name, "cannot set fd");
ssl_cleanup(cte);
hce_notify_done(cte->host, HCE_TLS_CONNECT_ERROR);
return;
}
SSL_set_connect_state(cte->ssl);
event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, ssl_connect,
&cte->tv_start, &cte->table->conf.timeout, cte);
}
void
ssl_read(int s, short event, void *arg)
{
char rbuf[SMALL_READ_BUF_SIZE];
struct ctl_tcp_event *cte = arg;
int retry_flag = EV_READ;
int tls_err = 0;
int ret;
if (event == EV_TIMEOUT) {
cte->host->up = HOST_DOWN;
ssl_cleanup(cte);
hce_notify_done(cte->host, HCE_TLS_READ_TIMEOUT);
return;
}
bzero(rbuf, sizeof(rbuf));
ret = SSL_read(cte->ssl, rbuf, sizeof(rbuf));
if (ret <= 0) {
tls_err = SSL_get_error(cte->ssl, ret);
switch (tls_err) {
case SSL_ERROR_WANT_READ:
retry_flag = EV_READ;
goto retry;
case SSL_ERROR_WANT_WRITE:
retry_flag = EV_WRITE;
goto retry;
case SSL_ERROR_ZERO_RETURN: /* FALLTHROUGH */
case SSL_ERROR_SYSCALL:
if (ret == 0) {
cte->host->up = HOST_DOWN;
(void)cte->validate_close(cte);
ssl_cleanup(cte);
hce_notify_done(cte->host, cte->host->he);
return;
}
/* FALLTHROUGH */
default:
cte->host->up = HOST_DOWN;
ssl_error(cte->host->conf.name, "cannot read");
ssl_cleanup(cte);
hce_notify_done(cte->host, HCE_TLS_READ_ERROR);
break;
}
return;
}
if (ibuf_add(cte->buf, rbuf, ret) == -1)
fatal("ssl_read: buf_add error");
if (cte->validate_read != NULL) {
if (cte->validate_read(cte) != 0)
goto retry;
ssl_cleanup(cte);
hce_notify_done(cte->host, cte->host->he);
return;
}
retry:
event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, ssl_read,
&cte->tv_start, &cte->table->conf.timeout, cte);
return;
}
