/*
* InspIRCd -- Internet Relay Chat Daemon
*
+ * Copyright (C) 2019-2020 Matt Schatz <genius3000@g3k.solutions>
+ * Copyright (C) 2013-2016 Attila Molnar <attilamolnar@hush.com>
+ * Copyright (C) 2013, 2016-2020 Sadie Powell <sadie@witchery.services>
+ * Copyright (C) 2013 Daniel Vassdal <shutter@canternet.org>
+ * Copyright (C) 2013 Adam <Adam@anope.org>
+ * Copyright (C) 2012 Robby <robby@chatbelgie.be>
+ * Copyright (C) 2012 ChrisTX <xpipe@hotmail.de>
* Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ * Copyright (C) 2009-2010 Craig Edwards <brain@inspircd.org>
+ * Copyright (C) 2009 Uli Schlachter <psychon@inspircd.org>
* Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
*
* This file is part of InspIRCd. InspIRCd is free software: you can
#include "inspircd.h"
-#include "socket.h"
-#include "socketengine.h"
+#include "iohook.h"
+
+#ifndef _WIN32
+#include <netinet/tcp.h>
+#endif
ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_to)
: bind_tag(tag)
+ , bind_sa(bind_to)
{
- irc::sockets::satoap(bind_to, bind_addr, bind_port);
- bind_desc = irc::sockets::satouser(bind_to);
-
- fd = socket(bind_to.sa.sa_family, SOCK_STREAM, 0);
+ // Are we creating a UNIX socket?
+ if (bind_to.family() == AF_UNIX)
+ {
+ // Is 'replace' enabled?
+ const bool replace = tag->getBool("replace");
+ if (replace && irc::sockets::isunix(bind_to.str()))
+ unlink(bind_to.str().c_str());
+ }
- if (this->fd == -1)
+ fd = socket(bind_to.family(), SOCK_STREAM, 0);
+ if (!HasFd())
return;
- ServerInstance->SE->SetReuse(fd);
- int rv = ServerInstance->SE->Bind(this->fd, bind_to);
- if (rv >= 0)
- rv = ServerInstance->SE->Listen(this->fd, ServerInstance->Config->MaxConn);
-
#ifdef IPV6_V6ONLY
/* This OS supports IPv6 sockets that can also listen for IPv4
* connections. If our address is "*" or empty, enable both v4 and v6 to
* is "::" or an IPv6 address, disable support so that an IPv4 bind will
* work on the port (by us or another application).
*/
- if (bind_to.sa.sa_family == AF_INET6)
+ if (bind_to.family() == AF_INET6)
{
std::string addr = tag->getString("address");
- const char enable = (addr.empty() || addr == "*") ? 0 : 1;
- setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &enable, sizeof(enable));
+ /* This must be >= sizeof(DWORD) on Windows */
+ const int enable = (addr.empty() || addr == "*") ? 0 : 1;
+ /* This must be before bind() */
+ setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, reinterpret_cast<const char *>(&enable), sizeof(enable));
// errors ignored intentionally
}
#endif
+ if (tag->getBool("free"))
+ {
+ socklen_t enable = 1;
+#if defined IP_FREEBIND // Linux 2.4+
+ setsockopt(fd, SOL_IP, IP_FREEBIND, &enable, sizeof(enable));
+#elif defined IP_BINDANY // FreeBSD
+ setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(enable));
+#elif defined SO_BINDANY // NetBSD/OpenBSD
+ setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable, sizeof(enable));
+#else
+ (void)enable;
+#endif
+ }
+
+ SocketEngine::SetReuse(fd);
+ int rv = SocketEngine::Bind(this->fd, bind_to);
+ if (rv >= 0)
+ rv = SocketEngine::Listen(this->fd, ServerInstance->Config->MaxConn);
+
+ if (bind_to.family() == AF_UNIX)
+ {
+ const std::string permissionstr = tag->getString("permissions");
+ unsigned int permissions = strtoul(permissionstr.c_str(), NULL, 8);
+ if (permissions && permissions <= 07777)
+ chmod(bind_to.str().c_str(), permissions);
+ }
+
+ // Default defer to on for TLS listeners because in TLS the client always speaks first
+ int timeout = tag->getDuration("defer", (tag->getString("ssl").empty() ? 0 : 3));
+ if (timeout && !rv)
+ {
+#if defined TCP_DEFER_ACCEPT
+ setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &timeout, sizeof(timeout));
+#elif defined SO_ACCEPTFILTER
+ struct accept_filter_arg afa;
+ memset(&afa, 0, sizeof(afa));
+ strcpy(afa.af_name, "dataready");
+ setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));
+#endif
+ }
+
if (rv < 0)
{
int errstore = errno;
- ServerInstance->SE->Shutdown(this, 2);
- ServerInstance->SE->Close(this);
+ SocketEngine::Shutdown(this, 2);
+ SocketEngine::Close(this->GetFd());
this->fd = -1;
errno = errstore;
}
else
{
- ServerInstance->SE->NonBlocking(this->fd);
- ServerInstance->SE->AddFd(this, FD_WANT_POLL_READ | FD_WANT_NO_WRITE);
+ SocketEngine::NonBlocking(this->fd);
+ SocketEngine::AddFd(this, FD_WANT_POLL_READ | FD_WANT_NO_WRITE);
+
+ this->ResetIOHookProvider();
}
}
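Review bot: The `chmod(bind_to.str().c_str(), permissions)` call in the AF_UNIX block runs whether or not `SocketEngine::Bind` succeeded. When bind fails because something already exists at that path, the listener changes the mode of a path it did not create, and a failing chmod can overwrite the bind `errno` before `int errstore = errno` saves it. Guard it the way the defer block is guarded and check the result, e.g. `if (rv >= 0 && permissions && permissions <= 07777 && chmod(bind_to.str().c_str(), permissions) != 0)` followed by a log line. The mode is also applied only after `Listen`, so the socket briefly accepts connections with whatever mode the process umask produced; moving the chmod between `Bind` and `Listen` closes that window. `strtoul` is called with a NULL end pointer, so a non-octal `permissions` value silently becomes 0 and is skipped without any message to the operator.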
ListenSocket::~ListenSocket()
{
- if (this->GetFd() > -1)
+ if (this->HasFd())
{
- ServerInstance->SE->DelFd(this);
- ServerInstance->Logs->Log("SOCKET", LOG_DEBUG,"Shut down listener on fd %d", this->fd);
- if (ServerInstance->SE->Shutdown(this, 2) || ServerInstance->SE->Close(this))
- ServerInstance->Logs->Log("SOCKET", LOG_DEBUG,"Failed to cancel listener: %s", strerror(errno));
- this->fd = -1;
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Shut down listener on fd %d", this->fd);
+ SocketEngine::Shutdown(this, 2);
+
+ if (SocketEngine::Close(this) != 0)
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to cancel listener: %s", strerror(errno));
+
+ if (bind_sa.family() == AF_UNIX && unlink(bind_sa.un.sun_path))
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to unlink UNIX socket: %s", strerror(errno));
}
}
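Review bot: The new `unlink(bind_sa.un.sun_path)` removes whatever is at that path when the destructor runs, not necessarily the socket this object created. If a listener for the same path can be constructed before this one is destroyed (the constructor's `replace` branch unlinks and re-binds; the rehash ordering is not visible in this diff), the old object would delete the new listener's socket file and leave it unreachable. At minimum add a comment stating the assumption, such as `// Assumes no other listener has re-bound this path since we created it.`, or compare the path's inode with the one recorded at bind time before unlinking. The return value of `SocketEngine::Shutdown` is no longer checked or logged here, unlike in the removed code.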
-/* Just seperated into another func for tidiness really.. */
-void ListenSocket::AcceptInternal()
+void ListenSocket::OnEventHandlerRead()
{
irc::sockets::sockaddrs client;
- irc::sockets::sockaddrs server;
+ irc::sockets::sockaddrs server(bind_sa);
socklen_t length = sizeof(client);
- int incomingSockfd = ServerInstance->SE->Accept(this, &client.sa, &length);
+ int incomingSockfd = SocketEngine::Accept(this, &client.sa, &length);
- ServerInstance->Logs->Log("SOCKET",LOG_DEBUG,"HandleEvent for Listensocket %s nfd=%d", bind_desc.c_str(), incomingSockfd);
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Accepting connection on socket %s fd %d", bind_sa.str().c_str(), incomingSockfd);
if (incomingSockfd < 0)
{
- ServerInstance->stats->statsRefused++;
+ ServerInstance->stats.Refused++;
return;
}
if (getsockname(incomingSockfd, &server.sa, &sz))
{
ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Can't get peername: %s", strerror(errno));
- irc::sockets::aptosa(bind_addr, bind_port, server);
- }
-
- /*
- * XXX -
- * this is done as a safety check to keep the file descriptors within range of fd_ref_table.
- * its a pretty big but for the moment valid assumption:
- * file descriptors are handed out starting at 0, and are recycled as theyre freed.
- * therefore if there is ever an fd over 65535, 65536 clients must be connected to the
- * irc server at once (or the irc server otherwise initiating this many connections, files etc)
- * which for the time being is a physical impossibility (even the largest networks dont have more
- * than about 10,000 users on ONE server!)
- */
- if (incomingSockfd >= ServerInstance->SE->GetMaxFds())
- {
- ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Server is full");
- ServerInstance->SE->Shutdown(incomingSockfd, 2);
- ServerInstance->SE->Close(incomingSockfd);
- ServerInstance->stats->statsRefused++;
- return;
}
- if (client.sa.sa_family == AF_INET6)
+ if (client.family() == AF_INET6)
{
/*
* This case is the be all and end all patch to catch and nuke 4in6
memcpy(&server.in4.sin_addr.s_addr, server.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t));
}
}
+ else if (client.family() == AF_UNIX)
+ {
+ // Clients connecting via UNIX sockets don't have paths so give them
+ // the server path as defined in RFC 1459 section 8.1.1.
+ //
+ // strcpy is safe here because sizeof(sockaddr_un.sun_path) is equal on both.
+ strcpy(client.un.sun_path, server.un.sun_path);
+ }
- ServerInstance->SE->NonBlocking(incomingSockfd);
+ SocketEngine::NonBlocking(incomingSockfd);
ModResult res;
FIRST_MOD_RESULT(OnAcceptConnection, res, (incomingSockfd, this, &client, &server));
if (res == MOD_RES_PASSTHRU)
{
- std::string type = bind_tag->getString("type", "clients");
- if (type == "clients")
+ const std::string type = bind_tag->getString("type", "clients", 1);
+ if (stdalgo::string::equalsci(type, "clients"))
{
ServerInstance->Users->AddUser(incomingSockfd, this, &client, &server);
res = MOD_RES_ALLOW;
}
if (res == MOD_RES_ALLOW)
{
- ServerInstance->stats->statsAccept++;
+ ServerInstance->stats.Accept++;
}
else
{
- ServerInstance->stats->statsRefused++;
- ServerInstance->Logs->Log("SOCKET",LOG_DEFAULT,"Refusing connection on %s - %s",
- bind_desc.c_str(), res == MOD_RES_DENY ? "Connection refused by module" : "Module for this port not found");
- ServerInstance->SE->Close(incomingSockfd);
+ ServerInstance->stats.Refused++;
+ ServerInstance->Logs->Log("SOCKET", LOG_DEFAULT, "Refusing connection on %s - %s",
+ bind_sa.str().c_str(), res == MOD_RES_DENY ? "Connection refused by module" : "Module for this port not found");
+ SocketEngine::Close(incomingSockfd);
}
}
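Review bot: The `strcpy(client.un.sun_path, server.un.sun_path)` in the new AF_UNIX branch is only safe if the source is NUL-terminated, and the equal array sizes given as the reason in the comment do not guarantee that. `server` is refilled by `getsockname` just above, and a path that occupies all of `sun_path` can come back without a terminator on some platforms, in which case strcpy runs past both arrays. A bounded copy removes the dependency: `memcpy(client.un.sun_path, server.un.sun_path, sizeof(client.un.sun_path));`. The commit also drops the `GetMaxFds()` range check on `incomingSockfd`; presumably the socket engine no longer indexes a fixed-size fd table, but that is not visible here and is worth confirming. Parts of this function (the declaration of `sz`, the 4in6 handling) lie outside the lines shown.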
-void ListenSocket::HandleEvent(EventType e, int err)
+void ListenSocket::ResetIOHookProvider()
{
- switch (e)
- {
- case EVENT_ERROR:
- ServerInstance->Logs->Log("SOCKET",LOG_DEFAULT,"ListenSocket::HandleEvent() received a socket engine error event! well shit! '%s'", strerror(err));
- break;
- case EVENT_WRITE:
- ServerInstance->Logs->Log("SOCKET",LOG_DEBUG,"*** BUG *** ListenSocket::HandleEvent() got a WRITE event!!!");
- break;
- case EVENT_READ:
- this->AcceptInternal();
- break;
+ iohookprovs[0].SetProvider(bind_tag->getString("hook"));
+
+ // Check that all non-last hooks support being in the middle
+ for (IOHookProvList::iterator i = iohookprovs.begin(); i != iohookprovs.end()-1; ++i)
+ {
+ IOHookProvRef& curr = *i;
+ // Ignore if cannot be in the middle
+ if ((curr) && (!curr->IsMiddle()))
+ curr.SetProvider(std::string());
}
+
+ std::string provname = bind_tag->getString("ssl");
+ if (!provname.empty())
+ provname.insert(0, "ssl/");
+
+ // TLS (SSL) should be the last
+ iohookprovs.back().SetProvider(provname);
}
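Review bot: A configured `hook` provider that cannot sit in the middle is cleared silently at `curr.SetProvider(std::string())`, so the listener comes up without a hook the operator asked for and nothing is logged. If that hook performs any filtering or wrapping of the connection, the bind ends up less protected than the configuration suggests. Log the drop at `LOG_DEFAULT`, naming `bind_sa.str()` and the value of `bind_tag->getString("hook")`, or treat it as a configuration error. Separately, `iohookprovs[0]` and `iohookprovs.end()-1` assume the list is never empty; its declaration is outside this diff, so a short comment stating the expected size would help.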