-/* +------------------------------------+
- * | Inspire Internet Relay Chat Daemon |
- * +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
*
- * InspIRCd: (C) 2002-2008 InspIRCd Development Team
- * See: http://www.inspircd.org/wiki/index.php/Credits
+ * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ * Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
*
- * This program is free but copyrighted software; see
- * the file COPYING for details.
+ * This file is part of InspIRCd. InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
*
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-/* $Core */
#include "inspircd.h"
-#include "socket.h"
-#include "socketengine.h"
-
+#include "iohook.h"
-/* Private static member data must be initialized in this manner */
-unsigned int ListenSocketBase::socketcount = 0;
-sockaddr* ListenSocketBase::sock_us = NULL;
-sockaddr* ListenSocketBase::client = NULL;
-sockaddr* ListenSocketBase::raddr = NULL;
+#ifndef _WIN32
+#include <netinet/tcp.h>
+#endif
-ListenSocketBase::ListenSocketBase(InspIRCd* Instance, int port, const std::string &addr) : ServerInstance(Instance), desc("plaintext"), bind_addr(addr), bind_port(port)
+ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_to)
+ : bind_tag(tag)
+ , bind_sa(bind_to)
{
- this->SetFd(irc::sockets::OpenTCPSocket(addr.c_str()));
- if (this->GetFd() > -1)
+ // Are we creating a UNIX socket?
+ if (bind_to.family() == AF_UNIX)
{
- if (!Instance->BindSocket(this->fd,port,addr.c_str()))
- this->fd = -1;
-#ifdef IPV6
- if ((!*addr.c_str()) || (strchr(addr.c_str(),':')))
- this->family = AF_INET6;
- else
-#endif
- this->family = AF_INET;
- Instance->SE->AddFd(this);
+ // Is 'replace' enabled?
+ const bool replace = tag->getBool("replace");
+ if (replace && irc::sockets::isunix(bind_to.str()))
+ unlink(bind_to.str().c_str());
}
- /* Saves needless allocations */
- if (socketcount == 0)
+
+ fd = socket(bind_to.family(), SOCK_STREAM, 0);
+
+ if (this->fd == -1)
+ return;
+
+#ifdef IPV6_V6ONLY
+ /* This OS supports IPv6 sockets that can also listen for IPv4
+ * connections. If our address is "*" or empty, enable both v4 and v6 to
+ * allow for simpler configuration on dual-stack hosts. Otherwise, if it
+ * is "::" or an IPv6 address, disable support so that an IPv4 bind will
+ * work on the port (by us or another application).
+ */
+ if (bind_to.family() == AF_INET6)
{
- /* All instances of ListenSocket share these, so reference count it */
- ServerInstance->Logs->Log("SOCKET", DEBUG,"Allocate sockaddr structures");
- sock_us = new sockaddr[2];
- client = new sockaddr[2];
- raddr = new sockaddr[2];
+ std::string addr = tag->getString("address");
+ /* This must be >= sizeof(DWORD) on Windows */
+ const int enable = (addr.empty() || addr == "*") ? 0 : 1;
+ /* This must be before bind() */
+ setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, reinterpret_cast<const char *>(&enable), sizeof(enable));
+ // errors ignored intentionally
}
- socketcount++;
-}
+#endif
-ListenSocketBase::~ListenSocketBase()
-{
- if (this->GetFd() > -1)
+ if (tag->getBool("free"))
{
- ServerInstance->SE->DelFd(this);
- ServerInstance->Logs->Log("SOCKET", DEBUG,"Shut down listener on fd %d", this->fd);
- if (ServerInstance->SE->Shutdown(this, 2) || ServerInstance->SE->Close(this))
- ServerInstance->Logs->Log("SOCKET", DEBUG,"Failed to cancel listener: %s", strerror(errno));
- this->fd = -1;
+ socklen_t enable = 1;
+#if defined IP_FREEBIND // Linux 2.4+
+ setsockopt(fd, SOL_IP, IP_FREEBIND, &enable, sizeof(enable));
+#elif defined IP_BINDANY // FreeBSD
+ setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(enable));
+#elif defined SO_BINDANY // NetBSD/OpenBSD
+ setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable, sizeof(enable));
+#else
+ (void)enable;
+#endif
}
- socketcount--;
- if (socketcount == 0)
+
+ if (bind_to.family() == AF_UNIX)
{
- delete[] sock_us;
- delete[] client;
- delete[] raddr;
+ const std::string permissionstr = tag->getString("permissions");
+ unsigned int permissions = strtoul(permissionstr.c_str(), NULL, 8);
+ if (permissions && permissions <= 07777)
+ chmod(bind_to.str().c_str(), permissions);
}
-}
-/* Just seperated into another func for tidiness really.. */
-void ListenSocketBase::AcceptInternal()
-{
- ServerInstance->Logs->Log("SOCKET",DEBUG,"HandleEvent for Listensoket");
- socklen_t uslen, length; // length of our port number
- int incomingSockfd;
+ SocketEngine::SetReuse(fd);
+ int rv = SocketEngine::Bind(this->fd, bind_to);
+ if (rv >= 0)
+ rv = SocketEngine::Listen(this->fd, ServerInstance->Config->MaxConn);
-#ifdef IPV6
- if (this->family == AF_INET6)
+ // Default defer to on for TLS listeners because in TLS the client always speaks first
+ int timeout = tag->getDuration("defer", (tag->getString("ssl").empty() ? 0 : 3));
+ if (timeout && !rv)
{
- uslen = sizeof(sockaddr_in6);
- length = sizeof(sockaddr_in6);
+#if defined TCP_DEFER_ACCEPT
+ setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &timeout, sizeof(timeout));
+#elif defined SO_ACCEPTFILTER
+ struct accept_filter_arg afa;
+ memset(&afa, 0, sizeof(afa));
+ strcpy(afa.af_name, "dataready");
+ setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));
+#endif
+ }
+
+ if (rv < 0)
+ {
+ int errstore = errno;
+ SocketEngine::Shutdown(this, 2);
+ SocketEngine::Close(this->GetFd());
+ this->fd = -1;
+ errno = errstore;
}
else
-#endif
{
- uslen = sizeof(sockaddr_in);
- length = sizeof(sockaddr_in);
+ SocketEngine::NonBlocking(this->fd);
+ SocketEngine::AddFd(this, FD_WANT_POLL_READ | FD_WANT_NO_WRITE);
+
+ this->ResetIOHookProvider();
}
+}
- incomingSockfd = ServerInstance->SE->Accept(this, (sockaddr*)client, &length);
+ListenSocket::~ListenSocket()
+{
+ if (this->GetFd() > -1)
+ {
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Shut down listener on fd %d", this->fd);
+ SocketEngine::Shutdown(this, 2);
- if (incomingSockfd < 0 ||
- ServerInstance->SE->GetSockName(this, sock_us, &uslen) == -1)
+ if (SocketEngine::Close(this) != 0)
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to cancel listener: %s", strerror(errno));
+
+ if (bind_sa.family() == AF_UNIX && unlink(bind_sa.un.sun_path))
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to unlink UNIX socket: %s", strerror(errno));
+ }
+}
+
+void ListenSocket::OnEventHandlerRead()
+{
+ irc::sockets::sockaddrs client;
+ irc::sockets::sockaddrs server(bind_sa);
+
+ socklen_t length = sizeof(client);
+ int incomingSockfd = SocketEngine::Accept(this, &client.sa, &length);
+
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Accepting connection on socket %s fd %d", bind_sa.str().c_str(), incomingSockfd);
+ if (incomingSockfd < 0)
{
- ServerInstance->SE->Shutdown(incomingSockfd, 2);
- ServerInstance->SE->Close(incomingSockfd);
- ServerInstance->stats->statsRefused++;
+ ServerInstance->stats.Refused++;
return;
}
- /*
- * XXX -
- * this is done as a safety check to keep the file descriptors within range of fd_ref_table.
- * its a pretty big but for the moment valid assumption:
- * file descriptors are handed out starting at 0, and are recycled as theyre freed.
- * therefore if there is ever an fd over 65535, 65536 clients must be connected to the
- * irc server at once (or the irc server otherwise initiating this many connections, files etc)
- * which for the time being is a physical impossibility (even the largest networks dont have more
- * than about 10,000 users on ONE server!)
- */
- if (incomingSockfd >= ServerInstance->SE->GetMaxFds())
+
+ socklen_t sz = sizeof(server);
+ if (getsockname(incomingSockfd, &server.sa, &sz))
{
- ServerInstance->Logs->Log("SOCKET", DEBUG, "Server is full");
- ServerInstance->SE->Shutdown(incomingSockfd, 2);
- ServerInstance->SE->Close(incomingSockfd);
- ServerInstance->stats->statsRefused++;
- return;
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Can't get peername: %s", strerror(errno));
}
- static char buf[MAXBUF];
- static char target[MAXBUF];
+ if (client.family() == AF_INET6)
+ {
+ /*
+ * This case is the be all and end all patch to catch and nuke 4in6
+ * instead of special-casing shit all over the place and wreaking merry
+ * havoc with crap, instead, we just recreate sockaddr and strip ::ffff: prefix
+ * if it's a 4in6 IP.
+ *
+ * This is, of course, much improved over the older way of handling this
+ * (pretend it doesn't exist + hack around it -- yes, both were done!)
+ *
+ * Big, big thanks to danieldg for his work on this.
+ * -- w00t
+ */
+ static const unsigned char prefix4in6[12] = { 0,0,0,0, 0,0,0,0, 0,0,0xFF,0xFF };
+ if (!memcmp(prefix4in6, &client.in6.sin6_addr, 12))
+ {
+ // recreate as a sockaddr_in using the IPv4 IP
+ uint16_t sport = client.in6.sin6_port;
+ client.in4.sin_family = AF_INET;
+ client.in4.sin_port = sport;
+ memcpy(&client.in4.sin_addr.s_addr, client.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t));
+
+ sport = server.in6.sin6_port;
+ server.in4.sin_family = AF_INET;
+ server.in4.sin_port = sport;
+ memcpy(&server.in4.sin_addr.s_addr, server.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t));
+ }
+ }
+ else if (client.family() == AF_UNIX)
+ {
+ // Clients connecting via UNIX sockets don't have paths so give them
+ // the server path as defined in RFC 1459 section 8.1.1.
+ //
+ // strcpy is safe here because sizeof(sockaddr_un.sun_path) is equal on both.
+ strcpy(client.un.sun_path, server.un.sun_path);
+ }
- *target = *buf = '\0';
+ SocketEngine::NonBlocking(incomingSockfd);
-#ifdef IPV6
- if (this->family == AF_INET6)
+ ModResult res;
+ FIRST_MOD_RESULT(OnAcceptConnection, res, (incomingSockfd, this, &client, &server));
+ if (res == MOD_RES_PASSTHRU)
{
- inet_ntop(AF_INET6, &((const sockaddr_in6*)client)->sin6_addr, buf, sizeof(buf));
- socklen_t raddrsz = sizeof(sockaddr_in6);
- if (getsockname(incomingSockfd, (sockaddr*) raddr, &raddrsz) == 0)
- inet_ntop(AF_INET6, &((const sockaddr_in6*)raddr)->sin6_addr, target, sizeof(target));
- else
- ServerInstance->Logs->Log("SOCKET", DEBUG, "Can't get peername: %s", strerror(errno));
-
- static const unsigned char prefix4in6[12] = { 0,0,0,0, 0,0,0,0, 0,0,0xFF,0xFF };
- if (!memcmp(prefix4in6, &((const sockaddr_in6*)client)->sin6_addr, 12))
+ std::string type = bind_tag->getString("type", "clients");
+ if (stdalgo::string::equalsci(type, "clients"))
{
- // strip leading ::ffff: from the IPs
- memmove(buf, buf+7, sizeof(buf)-7);
- memmove(target, target+7, sizeof(target)-7);
-
- // recreate as a sockaddr_in using the IPv4 IP
- uint16_t sport = ((const sockaddr_in6*)client)->sin6_port;
- struct sockaddr_in* clientv4 = (struct sockaddr_in*)client;
- clientv4->sin_family = AF_INET;
- clientv4->sin_port = sport;
- inet_pton(AF_INET, buf, &clientv4->sin_addr);
+ ServerInstance->Users->AddUser(incomingSockfd, this, &client, &server);
+ res = MOD_RES_ALLOW;
}
}
+ if (res == MOD_RES_ALLOW)
+ {
+ ServerInstance->stats.Accept++;
+ }
else
-#endif
{
- inet_ntop(AF_INET, &((const sockaddr_in*)client)->sin_addr, buf, sizeof(buf));
- socklen_t raddrsz = sizeof(sockaddr_in);
- if (getsockname(incomingSockfd, (sockaddr*) raddr, &raddrsz) == 0)
- inet_ntop(AF_INET, &((const sockaddr_in*)raddr)->sin_addr, target, sizeof(target));
- else
- ServerInstance->Logs->Log("SOCKET", DEBUG, "Can't get peername: %s", strerror(errno));
+ ServerInstance->stats.Refused++;
+ ServerInstance->Logs->Log("SOCKET", LOG_DEFAULT, "Refusing connection on %s - %s",
+ bind_sa.str().c_str(), res == MOD_RES_DENY ? "Connection refused by module" : "Module for this port not found");
+ SocketEngine::Close(incomingSockfd);
}
-
- ServerInstance->SE->NonBlocking(incomingSockfd);
- ServerInstance->stats->statsAccept++;
- this->OnAcceptReady(target, incomingSockfd, buf);
}
-void ListenSocketBase::HandleEvent(EventType e, int err)
+void ListenSocket::ResetIOHookProvider()
{
- switch (e)
- {
- case EVENT_ERROR:
- ServerInstance->Logs->Log("SOCKET",DEFAULT,"ListenSocket::HandleEvent() received a socket engine error event! well shit! '%s'", strerror(err));
- break;
- case EVENT_WRITE:
- ServerInstance->Logs->Log("SOCKET",DEBUG,"*** BUG *** ListenSocket::HandleEvent() got a WRITE event!!!");
- break;
- case EVENT_READ:
- this->AcceptInternal();
- break;
+ iohookprovs[0].SetProvider(bind_tag->getString("hook"));
+
+ // Check that all non-last hooks support being in the middle
+ for (IOHookProvList::iterator i = iohookprovs.begin(); i != iohookprovs.end()-1; ++i)
+ {
+ IOHookProvRef& curr = *i;
+ // Ignore if cannot be in the middle
+ if ((curr) && (!curr->IsMiddle()))
+ curr.SetProvider(std::string());
}
-}
-void ClientListenSocket::OnAcceptReady(const std::string &ipconnectedto, int nfd, const std::string &incomingip)
-{
- ServerInstance->Users->AddUser(ServerInstance, nfd, bind_port, false, client, ipconnectedto);
+ std::string provname = bind_tag->getString("ssl");
+ if (!provname.empty())
+ provname.insert(0, "ssl/");
+
+ // SSL should be the last
+ iohookprovs.back().SetProvider(provname);
}
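Review bot: In the ListenSocket constructor the AF_UNIX block calls `chmod(bind_to.str().c_str(), permissions)` before `SocketEngine::Bind` (presumably the bind() wrapper) has created the socket file, and with `replace` set the path was unlinked at the top of the constructor. The configured `permissions` are therefore either not applied or applied to a stale file, and the new socket keeps whatever the process umask gives it. Move the block below the bind/listen calls, guard it with `if (rv >= 0 && bind_to.family() == AF_UNIX)`, and log a non-zero `chmod` result instead of discarding it, because a silent failure leaves a listener that was meant to be restricted reachable by other local accounts. Even after the move the file has umask-derived permissions between bind and chmod, so add a comment such as `// socket file is created by bind(); it has umask-derived permissions until chmod()`, or narrow the umask around the bind. Separately, the `getsockname` failure path in OnEventHandlerRead logs "Can't get peername", which names the wrong call.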