drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-26 20:20:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

tpws: fix possible address unavailable error after reboot

Browse Source
This commit is contained in:
bol-van 2021-03-05 21:02:34 +03:00
parent 4a54b217e2
commit 00ca862068
6 changed files with 112 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
tpws/helpers.c
View File

@ -30,23 +30,45 @@ char *strncasestr(const char *s,const char *find, size_t slen)
return (char *)s;
}
void print_sockaddr(const struct sockaddr *sa)
void ntop46(const struct sockaddr *sa, char *str, size_t len)
{
char str[64];
if (!len) return;
*str=0;
switch (sa->sa_family)
{
case AF_INET:
if (inet_ntop(sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, str, sizeof(str)))
printf("%s:%d", str, ntohs(((struct sockaddr_in*)sa)->sin_port));
inet_ntop(sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, str, len);
break;
case AF_INET6:
if (inet_ntop(sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, str, sizeof(str)))
printf("%s:%d", str, ntohs(((struct sockaddr_in6*)sa)->sin6_port));
inet_ntop(sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, str, len);
break;
default:
printf("UNKNOWN_FAMILY_%d", sa->sa_family);
snprintf(str,len,"UNKNOWN_FAMILY_%d",sa->sa_family);
}
}
void ntop46_port(const struct sockaddr *sa, char *str, size_t len)
{
char ip[40];
ntop46(sa,ip,sizeof(ip));
switch (sa->sa_family)
{
case AF_INET:
snprintf(str,len,"%s:%u",ip,ntohs(((struct sockaddr_in*)sa)->sin_port));
break;
case AF_INET6:
snprintf(str,len,"[%s]:%u",ip,ntohs(((struct sockaddr_in6*)sa)->sin6_port));
break;
default:
snprintf(str,len,"%s",ip);
}
}
void print_sockaddr(const struct sockaddr *sa)
{
char ip_port[48];
ntop46_port(sa,ip_port,sizeof(ip_port));
printf("%s",ip_port);
}
// -1 = error, 0 = not local, 1 = local
@ -128,6 +150,17 @@ bool saconvmapped(struct sockaddr_storage *a)
return false;
}
bool is_linklocal(const struct sockaddr_in6* a)
{
// fe80::/10
return a->sin6_addr.s6_addr[0]==0xFE && (a->sin6_addr.s6_addr[1] & 0xC0)==0x80;
}
bool is_private6(const struct sockaddr_in6* a)
{
// fdf0::/8
return a->sin6_addr.s6_addr[0]==0xFD;
}
int set_keepalive(int fd)

5
tpws/helpers.h
View File

@ -8,6 +8,8 @@
char *strncasestr(const char *s,const char *find, size_t slen);
void ntop46(const struct sockaddr *sa, char *str, size_t len);
void ntop46_port(const struct sockaddr *sa, char *str, size_t len);
void print_sockaddr(const struct sockaddr *sa);
void print_addrinfo(const struct addrinfo *ai);
bool check_local_ip(const struct sockaddr *saddr);
@ -19,5 +21,8 @@ uint16_t saport(const struct sockaddr *sa);
// true = was converted
bool saconvmapped(struct sockaddr_storage *a);
bool is_linklocal(const struct sockaddr_in6* a);
bool is_private6(const struct sockaddr_in6* a);
int set_keepalive(int fd);
int get_so_error(int fd);

4
tpws/redirect.c
View File

@ -46,7 +46,7 @@ static bool redir_open_private(const char *fname, int flags)
redirector_fd = open(fname, flags);
if (redirector_fd < 0)
{
perror("redir_openv_private: ");
perror("redir_openv_private");
return false;
}
DBGPRINT("opened redirector %s",fname);
@ -179,7 +179,7 @@ bool get_dest_addr(int sockfd, const struct sockaddr *accept_sa, struct sockaddr
r=getsockname(sockfd, (struct sockaddr*) orig_dst, &addrlen);
if (r<0)
{
perror("getsockname: ");
perror("getsockname");
return false;
}
if (orig_dst->ss_family==AF_INET6)

10
tpws/sec.c
View File

@ -88,24 +88,24 @@ bool droproot(uid_t uid, gid_t gid)
#ifdef __linux__
if (prctl(PR_SET_KEEPCAPS, 1L))
{
perror("prctl(PR_SET_KEEPCAPS): ");
perror("prctl(PR_SET_KEEPCAPS)");
return false;
}
#endif
// drop all SGIDs
if (setgroups(0,NULL))
{
perror("setgroups: ");
perror("setgroups");
return false;
}
if (setgid(gid))
{
perror("setgid: ");
perror("setgid");
return false;
}
if (setuid(uid))
{
perror("setuid: ");
perror("setuid");
return false;
}
#ifdef __linux__
@ -138,7 +138,7 @@ void daemonize()
pid = fork();
if (pid == -1)
{
perror("fork: ");
perror("fork");
exit(2);
}
else if (pid != 0)

66
tpws/tpws.c
View File

@ -35,6 +35,7 @@
#include "params.h"
#include "sec.h"
#include "redirect.h"
#include "helpers.h"
struct params_s params;
@ -496,10 +497,6 @@ void parse_params(int argc, char *argv[])
}
static bool is_linklocal(const struct sockaddr_in6* a)
{
return a->sin6_addr.s6_addr[0]==0xFE && (a->sin6_addr.s6_addr[1] & 0xC0)==0x80;
}
static bool find_listen_addr(struct sockaddr_storage *salisten, const char *bindiface, bool bind_if6, bool bindll, int *if_index)
{
struct ifaddrs *addrs,*a;
@ -508,8 +505,10 @@ static bool find_listen_addr(struct sockaddr_storage *salisten, const char *bind
if (getifaddrs(&addrs)<0)
return false;
int maxpass = (bind_if6 && !bindll) ? 2 : 1;
for(int pass=0;pass<maxpass;pass++)
// for ipv6 preference order
// bind-linklocal-1 : link-local,private,global
// bind-linklocal=0 : private,global,link-local
for(int pass=0;pass<3;pass++)
{
a = addrs;
while (a)
@ -531,7 +530,7 @@ static bool find_listen_addr(struct sockaddr_storage *salisten, const char *bind
*bindiface && bind_if6 && !strcmp(a->ifa_name, bindiface))
&&
(bindll && is_linklocal((struct sockaddr_in6*)a->ifa_addr) ||
!bindll && (pass || !is_linklocal((struct sockaddr_in6*)a->ifa_addr)))
!bindll && (pass==2 || pass==0 && is_private6((struct sockaddr_in6*)a->ifa_addr) || pass==1 && !is_linklocal((struct sockaddr_in6*)a->ifa_addr)))
)
{
salisten->ss_family = AF_INET6;
@ -639,11 +638,13 @@ struct salisten_s
struct sockaddr_storage salisten;
socklen_t salisten_len;
int ipv6_only;
int bind_wait_ip_left; // how much seconds left from bind_wait_ip
};
int main(int argc, char *argv[])
{
int i, listen_fd[MAX_BINDS], yes = 1, retval = 0, if_index, exit_v=EXIT_FAILURE;
struct salisten_s list[MAX_BINDS];
char ip_port[48];
srand(time(NULL));
parse_params(argc, argv);
@ -692,6 +693,7 @@ int main(int argc, char *argv[])
goto exiterr;
}
}
list[i].bind_wait_ip_left = params.binds[i].bind_wait_ip;
if (*params.binds[i].bindaddr)
{
if (inet_pton(AF_INET, params.binds[i].bindaddr, &((struct sockaddr_in*)(&list[i].salisten))->sin_addr))
@ -747,6 +749,7 @@ int main(int argc, char *argv[])
printf("suitable ip address not found\n");
goto exiterr;
}
list[i].bind_wait_ip_left = params.binds[i].bind_wait_ip - sec;
list[i].ipv6_only=1;
}
else
@ -771,7 +774,7 @@ int main(int argc, char *argv[])
if (params.bind_wait_only)
{
printf("bind wait condition satisfied. exiting.\n");
printf("bind wait condition satisfied\n");
exit_v = 0;
goto exiterr;
}
@ -784,24 +787,28 @@ int main(int argc, char *argv[])
for(i=0;i<=params.binds_last;i++)
{
VPRINT("Binding %d",i);
if (params.debug)
{
ntop46_port((struct sockaddr *)&list[i].salisten, ip_port, sizeof(ip_port));
VPRINT("Binding %d to %s",i,ip_port);
}
if ((listen_fd[i] = socket(list[i].salisten.ss_family, SOCK_STREAM, 0)) == -1) {
perror("socket: ");
perror("socket");
goto exiterr;
}
#ifndef __OpenBSD__
// in OpenBSD always IPV6_ONLY for wildcard sockets
if ((list[i].salisten.ss_family == AF_INET6) && setsockopt(listen_fd[i], IPPROTO_IPV6, IPV6_V6ONLY, &list[i].ipv6_only, sizeof(int)) == -1)
{
perror("setsockopt (IPV6_ONLY): ");
perror("setsockopt (IPV6_ONLY)");
goto exiterr;
}
#endif
if (setsockopt(listen_fd[i], SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1)
{
perror("setsockopt (SO_REUSEADDR): ");
perror("setsockopt (SO_REUSEADDR)");
goto exiterr;
}
@ -812,13 +819,13 @@ int main(int argc, char *argv[])
#ifdef __linux__
if (setsockopt(listen_fd[i], SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) == -1)
{
perror("setsockopt (IP_TRANSPARENT): ");
perror("setsockopt (IP_TRANSPARENT)");
goto exiterr;
}
#elif defined(BSD) && defined(SO_BINDANY)
if (setsockopt(listen_fd[i], SOL_SOCKET, SO_BINDANY, &yes, sizeof(yes)) == -1)
{
perror("setsockopt (SO_BINDANY): ");
perror("setsockopt (SO_BINDANY)");
goto exiterr;
}
#endif
@ -837,12 +844,35 @@ int main(int argc, char *argv[])
setsockopt(listen_fd[i],SOL_SOCKET,SO_RCVBUF,&v,sizeof(int));
}
}
if (bind(listen_fd[i], (struct sockaddr *)&list[i].salisten, list[i].salisten_len) == -1) {
perror("bind: ");
bool bBindBug=false;
for(;;)
{
if (bind(listen_fd[i], (struct sockaddr *)&list[i].salisten, list[i].salisten_len) == -1)
{
// in linux strange behaviour was observed
// just after ifup and address assignment there's short window when bind() can't bind to addresses got from getifaddrs()
// it does not happen to transparent sockets because they cant bind to any non-existend ip
// also only ipv6 seem to be buggy this way
if (errno==EADDRNOTAVAIL && params.proxy_type!=CONN_TYPE_TRANSPARENT && list[i].bind_wait_ip_left)
{
if (!bBindBug)
{
ntop46_port((struct sockaddr *)&list[i].salisten, ip_port, sizeof(ip_port));
printf("address %s is not available. will retry for %d sec\n",ip_port,list[i].bind_wait_ip_left);
bBindBug=true;
}
sleep(1);
list[i].bind_wait_ip_left--;
continue;
}
perror("bind");
goto exiterr;
}
if (listen(listen_fd[i], BACKLOG) == -1) {
perror("listen: ");
break;
}
if (listen(listen_fd[i], BACKLOG) == -1)
{
perror("listen");
goto exiterr;
}
}

22
tpws/tpws_conn.c
View File

@ -272,13 +272,13 @@ bool set_socket_buffers(int fd, int rcvbuf, int sndbuf)
DBGPRINT("set_socket_buffers fd=%d rcvbuf=%d sndbuf=%d",fd,rcvbuf,sndbuf)
if (rcvbuf && setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcvbuf, sizeof(int)) <0)
{
perror("setsockopt (SO_RCVBUF): ");
perror("setsockopt (SO_RCVBUF)");
close(fd);
return false;
}
if (sndbuf && setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(int)) <0)
{
perror("setsockopt (SO_SNDBUF): ");
perror("setsockopt (SO_SNDBUF)");
close(fd);
return false;
}
@ -296,20 +296,20 @@ static int connect_remote(const struct sockaddr *remote_addr)
if((remote_fd = socket(remote_addr->sa_family, SOCK_STREAM, 0)) < 0)
{
perror("socket (connect_remote): ");
perror("socket (connect_remote)");
return -1;
}
// Use NONBLOCK to avoid slow connects affecting the performance of other connections
// separate fcntl call to comply with macos
if (fcntl(remote_fd, F_SETFL, O_NONBLOCK)<0)
{
perror("socket set O_NONBLOCK (connect_remote): ");
perror("socket set O_NONBLOCK (connect_remote)");
close(remote_fd);
return -1;
}
if(setsockopt(remote_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) < 0)
{
perror("setsockopt (SO_REUSEADDR, connect_remote): ");
perror("setsockopt (SO_REUSEADDR, connect_remote)");
close(remote_fd);
return -1;
}
@ -317,13 +317,13 @@ static int connect_remote(const struct sockaddr *remote_addr)
return -1;
if(!set_keepalive(remote_fd))
{
perror("set_keepalive: ");
perror("set_keepalive");
close(remote_fd);
return -1;
}
if (setsockopt(remote_fd, IPPROTO_TCP, TCP_NODELAY, params.skip_nodelay ? &no : &yes, sizeof(int)) <0)
{
perror("setsockopt (SO_NODELAY, connect_remote): ");
perror("setsockopt (SO_NODELAY, connect_remote)");
close(remote_fd);
return -1;
}
@ -331,7 +331,7 @@ static int connect_remote(const struct sockaddr *remote_addr)
{
if(errno != EINPROGRESS)
{
perror("connect (connect_remote): ");
perror("connect (connect_remote)");
close(remote_fd);
return -1;
}
@ -466,7 +466,7 @@ static tproxy_conn_t* add_tcp_connection(int efd, struct tailhead *conn_list,int
if(!set_keepalive(local_fd))
{
perror("set_keepalive: ");
perror("set_keepalive");
close(local_fd);
return 0;
}
@ -1177,7 +1177,7 @@ int event_loop(int *listen_fd, size_t listen_fd_ct)
tmp_fd = accept(conn->fd, (struct sockaddr*)&accept_sa, &accept_salen);
if (tmp_fd < 0)
{
perror("Failed to accept connection : ");
perror("Failed to accept connection");
}
else if (legs_local >= params.maxconn) // each connection has 2 legs - local and remote
{
@ -1187,7 +1187,7 @@ int event_loop(int *listen_fd, size_t listen_fd_ct)
// separate fcntl call to comply with macos
else if (fcntl(tmp_fd, F_SETFL, O_NONBLOCK) < 0)
{
perror("socket set O_NONBLOCK (accept): ");
perror("socket set O_NONBLOCK (accept)");
close(tmp_fd);
}
else if (!(conn=add_tcp_connection(efd, &conn_list, tmp_fd, (struct sockaddr*)&accept_sa, params.port, params.proxy_type)))