2 * ngIRCd -- The Next Generation IRC Daemon
3 * Copyright (c)2001-2013 Alexander Barton (alex@barton.de) and Contributors.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 * Please read the file COPYING, README and AUTHORS for more information.
22 * Connection management
37 #include <sys/socket.h>
39 #include <sys/types.h>
41 #include <netinet/in.h>
43 #ifdef HAVE_NETINET_IP_H
44 # ifdef HAVE_NETINET_IN_SYSTM_H
45 # include <netinet/in_systm.h>
47 # include <netinet/ip.h>
51 # include <tcpd.h> /* for TCP Wrappers */
66 #include "conn-encoding.h"
69 #include "conn-func.h"
71 #include "ng_ipaddr.h"
79 #define SERVER_WAIT (NONE - 1)
81 #define MAX_COMMANDS 3
82 #define MAX_COMMANDS_SERVER_MIN 10
83 #define MAX_COMMANDS_SERVICE 10
85 #define SD_LISTEN_FDS_START 3
88 static bool Handle_Write PARAMS(( CONN_ID Idx ));
89 static bool Conn_Write PARAMS(( CONN_ID Idx, char *Data, size_t Len ));
90 static int New_Connection PARAMS(( int Sock, bool IsSSL ));
91 static CONN_ID Socket2Index PARAMS(( int Sock ));
92 static void Read_Request PARAMS(( CONN_ID Idx ));
93 static unsigned int Handle_Buffer PARAMS(( CONN_ID Idx ));
94 static void Check_Connections PARAMS(( void ));
95 static void Check_Servers PARAMS(( void ));
96 static void Init_Conn_Struct PARAMS(( CONN_ID Idx ));
97 static bool Init_Socket PARAMS(( int Sock ));
98 static void New_Server PARAMS(( int Server, ng_ipaddr_t *dest ));
99 static void Simple_Message PARAMS(( int Sock, const char *Msg ));
100 static int NewListener PARAMS(( const char *listen_addr, UINT16 Port ));
101 static void Account_Connection PARAMS((void));
104 static array My_Listeners;
105 static array My_ConnArray;
106 static size_t NumConnections, NumConnectionsMax, NumConnectionsAccepted;
109 int allow_severity = LOG_INFO;
110 int deny_severity = LOG_ERR;
113 static void server_login PARAMS((CONN_ID idx));
116 extern struct SSLOptions Conf_SSLOptions;
117 static void cb_connserver_login_ssl PARAMS((int sock, short what));
118 static void cb_clientserver_ssl PARAMS((int sock, short what));
120 static void cb_Read_Resolver_Result PARAMS((int sock, UNUSED short what));
121 static void cb_Connect_to_Server PARAMS((int sock, UNUSED short what));
122 static void cb_clientserver PARAMS((int sock, short what));
128 * Get number of sockets available from systemd(8).
130 * ngIRCd needs to implement its own sd_listen_fds(3) function and can't
131 * use the one provided by systemd itself, because the sockets will be
132 * used in a forked child process with a new PID, and this would trigger
133 * an error in the standard implementation.
135 * @return Number of sockets available, -1 if sockets have already been
136 * initialized, or 0 when no sockets have been passed.
139 my_sd_listen_fds(void)
144 /* Check if LISTEN_PID exists; but we ignore the result, because
145 * normally ngircd forks a child before checking this, and therefore
146 * the PID set in the environment is always wrong ... */
147 e = getenv("LISTEN_PID");
151 e = getenv("LISTEN_FDS");
155 unsetenv("LISTEN_FDS");
162 * IO callback for listening sockets: handle new connections. This callback
163 * gets called when a new non-SSL connection should be accepted.
165 * @param sock Socket descriptor.
166 * @param irrelevant (ignored IO specification)
169 cb_listen(int sock, short irrelevant)
172 (void) New_Connection(sock, false);
178 * IO callback for listening SSL sockets: handle new connections. This callback
179 * gets called when a new SSL-enabled connection should be accepted.
181 * @param sock Socket descriptor.
182 * @param irrelevant (ignored IO specification)
185 cb_listen_ssl(int sock, short irrelevant)
190 fd = New_Connection(sock, true);
193 io_event_setcb(My_Connections[fd].sock, cb_clientserver_ssl);
199 * IO callback for new outgoing non-SSL server connections.
201 * @param sock Socket descriptor.
202 * @param what IO specification (IO_WANTREAD/IO_WANTWRITE/...).
205 cb_connserver(int sock, UNUSED short what)
207 int res, err, server;
209 CONN_ID idx = Socket2Index( sock );
212 LogDebug("cb_connserver wants to write on unknown socket?!");
217 assert(what & IO_WANTWRITE);
219 /* Make sure that the server is still configured; it could have been
220 * removed in the meantime! */
221 server = Conf_GetServer(idx);
223 Log(LOG_ERR, "Connection on socket %d to \"%s\" aborted!",
224 sock, My_Connections[idx].host);
225 Conn_Close(idx, "Connection aborted", NULL, false);
229 /* connect() finished, get result. */
230 sock_len = (socklen_t)sizeof(err);
231 res = getsockopt(My_Connections[idx].sock, SOL_SOCKET, SO_ERROR,
233 assert(sock_len == sizeof(err));
235 /* Error while connecting? */
236 if ((res != 0) || (err != 0)) {
238 Log(LOG_CRIT, "getsockopt (connection %d): %s!",
239 idx, strerror(errno));
242 "Can't connect socket to \"%s:%d\" (connection %d): %s!",
243 My_Connections[idx].host, Conf_Server[server].port,
246 Conn_Close(idx, "Can't connect", NULL, false);
248 if (ng_ipaddr_af(&Conf_Server[server].dst_addr[0])) {
249 /* more addresses to try... */
250 New_Server(server, &Conf_Server[server].dst_addr[0]);
251 /* connection to dst_addr[0] is now in progress, so
252 * remove this address... */
253 Conf_Server[server].dst_addr[0] =
254 Conf_Server[server].dst_addr[1];
255 memset(&Conf_Server[server].dst_addr[1], 0,
256 sizeof(Conf_Server[server].dst_addr[1]));
261 /* connect() succeeded, remove all additional addresses */
262 memset(&Conf_Server[server].dst_addr, 0,
263 sizeof(Conf_Server[server].dst_addr));
265 Conn_OPTION_DEL( &My_Connections[idx], CONN_ISCONNECTING );
267 if ( Conn_OPTION_ISSET( &My_Connections[idx], CONN_SSL_CONNECT )) {
268 io_event_setcb( sock, cb_connserver_login_ssl );
269 io_event_add( sock, IO_WANTWRITE|IO_WANTREAD );
278 * Login to a remote server.
280 * @param idx Connection index.
283 server_login(CONN_ID idx)
286 "Connection %d (socket %d) with \"%s:%d\" established. Now logging in ...",
287 idx, My_Connections[idx].sock, My_Connections[idx].host,
288 Conf_Server[Conf_GetServer(idx)].port);
290 io_event_setcb( My_Connections[idx].sock, cb_clientserver);
291 io_event_add( My_Connections[idx].sock, IO_WANTREAD|IO_WANTWRITE);
293 /* Send PASS and SERVER command to peer */
294 Conn_WriteStr( idx, "PASS %s %s", Conf_Server[Conf_GetServer( idx )].pwd_out, NGIRCd_ProtoID );
295 Conn_WriteStr( idx, "SERVER %s :%s", Conf_ServerName, Conf_ServerInfo );
301 * IO callback for new outgoing SSL-enabled server connections.
303 * @param sock Socket descriptor.
304 * @param unused (ignored IO specification)
307 cb_connserver_login_ssl(int sock, short unused)
309 CONN_ID idx = Socket2Index(sock);
317 switch (ConnSSL_Connect( &My_Connections[idx])) {
319 case 0: LogDebug("ConnSSL_Connect: not ready");
322 Log(LOG_ERR, "SSL connection on socket %d failed!", sock);
323 Conn_Close(idx, "Can't connect", NULL, false);
327 Log( LOG_INFO, "SSL connection %d with \"%s:%d\" established.", idx,
328 My_Connections[idx].host, Conf_Server[Conf_GetServer( idx )].port );
336 * IO callback for established non-SSL client and server connections.
338 * @param sock Socket descriptor.
339 * @param what IO specification (IO_WANTREAD/IO_WANTWRITE/...).
342 cb_clientserver(int sock, short what)
344 CONN_ID idx = Socket2Index(sock);
353 if (what & IO_WANTREAD
354 || (Conn_OPTION_ISSET(&My_Connections[idx], CONN_SSL_WANT_WRITE))) {
355 /* if TLS layer needs to write additional data, call
356 * Read_Request() instead so that SSL/TLS can continue */
360 if (what & IO_WANTREAD)
363 if (what & IO_WANTWRITE)
370 * IO callback for new SSL-enabled client and server connections.
372 * @param sock Socket descriptor.
373 * @param what IO specification (IO_WANTREAD/IO_WANTWRITE/...).
376 cb_clientserver_ssl(int sock, UNUSED short what)
378 CONN_ID idx = Socket2Index(sock);
387 switch (ConnSSL_Accept(&My_Connections[idx])) {
391 return; /* EAGAIN: callback will be invoked again by IO layer */
394 "SSL accept error, closing socket", "SSL accept error",
399 io_event_setcb(sock, cb_clientserver); /* SSL handshake completed */
405 * Initialize connection module.
412 Pool_Size = CONNECTION_POOL;
413 if ((Conf_MaxConnections > 0) &&
414 (Pool_Size > Conf_MaxConnections))
415 Pool_Size = Conf_MaxConnections;
417 if (!array_alloc(&My_ConnArray, sizeof(CONNECTION), (size_t)Pool_Size)) {
418 Log(LOG_EMERG, "Can't allocate memory! [Conn_Init]");
422 /* FIXME: My_Connetions/Pool_Size is needed by other parts of the
423 * code; remove them! */
424 My_Connections = (CONNECTION*) array_start(&My_ConnArray);
426 LogDebug("Allocated connection pool for %d items (%ld bytes).",
427 array_length(&My_ConnArray, sizeof(CONNECTION)),
428 array_bytes(&My_ConnArray));
430 assert(array_length(&My_ConnArray, sizeof(CONNECTION)) >= (size_t)Pool_Size);
432 array_free( &My_Listeners );
434 for (i = 0; i < Pool_Size; i++)
440 * Clean up connection module.
447 Conn_ExitListeners();
449 LogDebug("Shutting down all connections ..." );
450 for( idx = 0; idx < Pool_Size; idx++ ) {
451 if( My_Connections[idx].sock > NONE ) {
452 Conn_Close( idx, NULL, NGIRCd_SignalRestart ?
453 "Server going down (restarting)":"Server going down", true );
457 array_free(&My_ConnArray);
458 My_Connections = NULL;
460 io_library_shutdown();
465 * Close all sockets (file descriptors) of open connections.
466 * This is useful in forked child processes, for example, to make sure that
467 * they don't hold connections open that the main process wants to close.
470 Conn_CloseAllSockets(int ExceptOf)
474 for(idx = 0; idx < Pool_Size; idx++) {
475 if(My_Connections[idx].sock > NONE &&
476 My_Connections[idx].sock != ExceptOf)
477 close(My_Connections[idx].sock);
483 * Initialize listening ports.
485 * @param a Array containing the ports the daemon should listen on.
486 * @param listen_addr Address the socket should listen on (can be "0.0.0.0").
487 * @param func IO callback function to register.
488 * @returns Number of listening sockets created.
491 Init_Listeners(array *a, const char *listen_addr, void (*func)(int,short))
493 unsigned int created = 0;
498 len = array_length(a, sizeof (UINT16));
499 port = array_start(a);
501 fd = NewListener(listen_addr, *port);
506 if (!io_event_create( fd, IO_WANTREAD, func )) {
508 "io_event_create(): Can't add fd %d (port %u): %s!",
509 fd, (unsigned int) *port, strerror(errno));
522 * Initialize all listening sockets.
524 * @returns Number of created listening sockets
527 Conn_InitListeners( void )
529 /* Initialize ports on which the server should accept connections */
530 unsigned int created = 0;
531 char *af_str, *copy, *listen_addr;
532 int count, fd, i, addr_len;
535 assert(Conf_ListenAddress);
537 count = my_sd_listen_fds();
540 "Not re-initializing listening sockets of systemd(8) ...");
544 /* systemd(8) passed sockets to us, so don't try to initialize
545 * listening sockets on our own but use the passed ones */
546 LogDebug("Initializing %d systemd sockets ...", count);
547 for (i = 0; i < count; i++) {
548 fd = SD_LISTEN_FDS_START + i;
549 addr_len = (int)sizeof(addr);
550 getsockname(fd, (struct sockaddr *)&addr, (socklen_t*)&addr_len);
552 if (addr.sin4.sin_family != AF_INET && addr.sin4.sin_family != AF_INET6)
554 if (addr.sin4.sin_family != AF_INET)
557 /* Socket is of unsupported type! For example, systemd passed in
558 * an IPv6 socket but ngIRCd isn't compiled with IPv6 support. */
559 switch (addr.sin4.sin_family)
561 case AF_UNSPEC: af_str = "AF_UNSPEC"; break;
562 case AF_UNIX: af_str = "AF_UNIX"; break;
563 case AF_INET: af_str = "AF_INET"; break;
565 case AF_INET6: af_str = "AF_INET6"; break;
568 case AF_NETLINK: af_str = "AF_NETLINK"; break;
570 default: af_str = "unknown"; break;
573 "Socket %d is of unsupported type \"%s\" (%d), have to ignore it!",
574 fd, af_str, addr.sin4.sin_family);
580 if (!io_event_create(fd, IO_WANTREAD, cb_listen)) {
582 "io_event_create(): Can't add fd %d: %s!",
583 fd, strerror(errno));
587 "Initialized socket %d from systemd(8): %s:%d.", fd,
588 ng_ipaddr_tostr(&addr), ng_ipaddr_getport(&addr));
594 /* not using systemd socket activation, initialize listening sockets: */
596 /* can't use Conf_ListenAddress directly, see below */
597 copy = strdup(Conf_ListenAddress);
599 Log(LOG_CRIT, "Cannot copy %s: %s", Conf_ListenAddress,
603 listen_addr = strtok(copy, ",");
605 while (listen_addr) {
606 ngt_TrimStr(listen_addr);
608 created += Init_Listeners(&Conf_ListenPorts,
609 listen_addr, cb_listen);
611 created += Init_Listeners(&Conf_SSLOptions.ListenPorts,
612 listen_addr, cb_listen_ssl);
616 listen_addr = strtok(NULL, ",");
619 /* Can't free() Conf_ListenAddress here: on REHASH, if the config file
620 * cannot be re-loaded, we'd end up with a NULL Conf_ListenAddress.
621 * Instead, free() takes place in conf.c, before the config file
622 * is being parsed. */
626 } /* Conn_InitListeners */
630 * Shut down all listening sockets.
633 Conn_ExitListeners( void )
635 /* Close down all listening sockets */
639 /* Get number of listening sockets to shut down. There can be none
640 * if ngIRCd has been "socket activated" by systemd. */
641 arraylen = array_length(&My_Listeners, sizeof (int));
646 "Shutting down all listening sockets (%d total) ...", arraylen);
647 fd = array_start(&My_Listeners);
652 LogDebug("Listening socket %d closed.", *fd );
655 array_free(&My_Listeners);
656 } /* Conn_ExitListeners */
660 * Bind a socket to a specific (source) address.
662 * @param addr Address structure.
663 * @param listen_addrstr Source address as string.
664 * @param Port Port number.
665 * @returns true on success, false otherwise.
668 InitSinaddrListenAddr(ng_ipaddr_t *addr, const char *listen_addrstr, UINT16 Port)
672 ret = ng_ipaddr_init(addr, listen_addrstr, Port);
674 assert(listen_addrstr);
675 Log(LOG_CRIT, "Can't bind to [%s]:%u: can't convert ip address \"%s\"!",
676 listen_addrstr, Port, listen_addrstr);
683 * Set a socket to "IPv6 only". If the given socket doesn't belong to the
684 * AF_INET6 family, or the operating system doesn't support this functionality,
685 * this function retruns silently.
687 * @param af Address family of the socket.
688 * @param sock Socket handle.
691 set_v6_only(int af, int sock)
693 #if defined(IPV6_V6ONLY) && defined(WANT_IPV6)
699 if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, (socklen_t)sizeof(on)))
700 Log(LOG_ERR, "Could not set IPV6_V6ONLY: %s", strerror(errno));
709 * Initialize new listening port.
711 * @param listen_addr Local address to bind the socet to (can be 0.0.0.0).
712 * @param Port Port number on which the new socket should be listening.
713 * @returns file descriptor of the socket or -1 on failure.
716 NewListener(const char *listen_addr, UINT16 Port)
718 /* Create new listening socket on specified port */
722 if (!InitSinaddrListenAddr(&addr, listen_addr, Port))
725 af = ng_ipaddr_af(&addr);
726 sock = socket(af, SOCK_STREAM, 0);
728 Log(LOG_CRIT, "Can't create socket (af %d) : %s!", af,
733 set_v6_only(af, sock);
735 if (!Init_Socket(sock))
738 if (bind(sock, (struct sockaddr *)&addr, ng_ipaddr_salen(&addr)) != 0) {
739 Log(LOG_CRIT, "Can't bind socket to address %s:%d - %s!",
740 ng_ipaddr_tostr(&addr), Port, strerror(errno));
745 if (listen(sock, 10) != 0) {
746 Log(LOG_CRIT, "Can't listen on socket: %s!", strerror(errno));
751 /* keep fd in list so we can close it when ngircd restarts/shuts down */
752 if (!array_catb(&My_Listeners, (char *)&sock, sizeof(int))) {
753 Log(LOG_CRIT, "Can't add socket to My_Listeners array: %s!",
759 Log(LOG_INFO, "Now listening on [%s]:%d (socket %d).",
760 ng_ipaddr_tostr(&addr), Port, sock);
768 * Check if SSL library needs to read SSL-protocol related data.
770 * SSL/TLS connections require extra treatment:
771 * When either CONN_SSL_WANT_WRITE or CONN_SSL_WANT_READ is set, we
772 * need to take care of that first, before checking read/write buffers.
773 * For instance, while we might have data in our write buffer, the
774 * TLS/SSL protocol might need to read internal data first for TLS/SSL
777 * If this function returns true, such a condition is met and we have
778 * to reverse the condition (check for read even if we've data to write,
779 * do not check for read but writeability even if write-buffer is empty).
781 * @param c Connection to check.
782 * @returns true if SSL-library has to read protocol data.
785 SSL_WantRead(const CONNECTION *c)
787 if (Conn_OPTION_ISSET(c, CONN_SSL_WANT_READ)) {
788 io_event_add(c->sock, IO_WANTREAD);
795 * Check if SSL library needs to write SSL-protocol related data.
797 * Please see description of SSL_WantRead() for full description!
799 * @param c Connection to check.
800 * @returns true if SSL-library has to write protocol data.
803 SSL_WantWrite(const CONNECTION *c)
805 if (Conn_OPTION_ISSET(c, CONN_SSL_WANT_WRITE)) {
806 io_event_add(c->sock, IO_WANTWRITE);
815 SSL_WantRead(UNUSED const CONNECTION *c)
819 SSL_WantWrite(UNUSED const CONNECTION *c)
826 * "Main Loop": Loop until shutdown or restart is signalled.
828 * This function loops until a shutdown or restart of ngIRCd is signalled and
829 * calls io_dispatch() to check for readable and writable sockets every second.
830 * It checks for status changes on pending connections (e. g. when a hostname
831 * has been resolved), checks for "penalties" and timeouts, and handles the
838 unsigned int wdatalen, bytes_processed;
842 while (!NGIRCd_SignalQuit && !NGIRCd_SignalRestart) {
845 /* Check configured servers and established links */
849 /* Expire outdated class/list items */
852 /* Look for non-empty read buffers ... */
853 for (i = 0; i < Pool_Size; i++) {
854 if ((My_Connections[i].sock > NONE)
855 && (array_bytes(&My_Connections[i].rbuf) > 0)) {
856 /* ... and try to handle the received data */
857 bytes_processed = Handle_Buffer(i);
858 /* if we processed data, and there might be
859 * more commands in the input buffer, do not
860 * try to read any more data now */
861 if (bytes_processed &&
862 array_bytes(&My_Connections[i].rbuf) > 2) {
864 ("Throttling connection %d: command limit reached!",
866 Conn_SetPenalty(i, 1);
871 /* Look for non-empty write buffers ... */
872 for (i = 0; i < Pool_Size; i++) {
873 if (My_Connections[i].sock <= NONE)
876 wdatalen = (unsigned int)array_bytes(&My_Connections[i].wbuf);
879 array_bytes(&My_Connections[i].zip.wbuf) > 0)
884 if (SSL_WantRead(&My_Connections[i]))
886 io_event_add(My_Connections[i].sock,
891 /* Check from which sockets we possibly could read ... */
892 for (i = 0; i < Pool_Size; i++) {
893 if (My_Connections[i].sock <= NONE)
896 if (SSL_WantWrite(&My_Connections[i]))
897 continue; /* TLS/SSL layer needs to write data; deal with this first */
899 if (Proc_InProgress(&My_Connections[i].proc_stat)) {
900 /* Wait for completion of forked subprocess
901 * and ignore the socket in the meantime ... */
902 io_event_del(My_Connections[i].sock,
907 if (Conn_OPTION_ISSET(&My_Connections[i], CONN_ISCONNECTING))
908 /* Wait for completion of connect() ... */
911 if (My_Connections[i].delaytime > t) {
912 /* There is a "penalty time" set: ignore socket! */
913 io_event_del(My_Connections[i].sock,
918 io_event_add(My_Connections[i].sock, IO_WANTREAD);
921 /* Set the timeout for reading from the network to 1 second,
922 * which is the granularity with witch we handle "penalty
923 * times" for example.
924 * Note: tv_sec/usec are undefined(!) after io_dispatch()
925 * returns, so we have to set it before each call to it! */
929 /* Wait for activity ... */
930 i = io_dispatch(&tv);
931 if (i == -1 && errno != EINTR) {
932 Log(LOG_EMERG, "Conn_Handler(): io_dispatch(): %s!",
934 Log(LOG_ALERT, "%s exiting due to fatal errors!",
939 /* Should ngIRCd timeout when idle? */
940 if (Conf_IdleTimeout > 0 && NumConnectionsAccepted > 0
941 && idle_t > 0 && time(NULL) - idle_t >= Conf_IdleTimeout) {
942 LogDebug("Server idle timeout reached: %d second%s. Initiating shutdown ...",
944 Conf_IdleTimeout == 1 ? "" : "s");
945 NGIRCd_SignalQuit = true;
949 if (NGIRCd_SignalQuit)
950 Log(LOG_NOTICE | LOG_snotice, "Server going down NOW!");
951 else if (NGIRCd_SignalRestart)
952 Log(LOG_NOTICE | LOG_snotice, "Server restarting NOW!");
957 * Write a text string into the socket of a connection.
959 * This function automatically appends CR+LF to the string and validates that
960 * the result is a valid IRC message (oversized messages are shortened, for
961 * example). Then it calls the Conn_Write() function to do the actual sending.
963 * @param Idx Index fo the connection.
964 * @param Format Format string, see printf().
965 * @returns true on success, false otherwise.
969 Conn_WriteStr(CONN_ID Idx, const char *Format, ...)
972 Conn_WriteStr(Idx, Format, va_alist)
978 char buffer[COMMAND_LEN];
986 assert( Idx > NONE );
987 assert( Format != NULL );
990 va_start( ap, Format );
994 if (vsnprintf( buffer, COMMAND_LEN - 2, Format, ap ) >= COMMAND_LEN - 2 ) {
996 * The string that should be written to the socket is longer
997 * than the allowed size of COMMAND_LEN bytes (including both
998 * the CR and LF characters). This can be caused by the
999 * IRC_WriteXXX() functions when the prefix of this server had
1000 * to be added to an already "quite long" command line which
1001 * has been received from a regular IRC client, for example.
1003 * We are not allowed to send such "oversized" messages to
1004 * other servers and clients, see RFC 2812 2.3 and 2813 3.3
1005 * ("these messages SHALL NOT exceed 512 characters in length,
1006 * counting all characters including the trailing CR-LF").
1008 * So we have a big problem here: we should send more bytes
1009 * to the network than we are allowed to and we don't know
1010 * the originator (any more). The "old" behavior of blaming
1011 * the receiver ("next hop") is a bad idea (it could be just
1012 * an other server only routing the message!), so the only
1013 * option left is to shorten the string and to hope that the
1014 * result is still somewhat useful ...
1018 strcpy (buffer + sizeof(buffer) - strlen(CUT_TXTSUFFIX) - 2 - 1,
1023 ptr = strchr(buffer + 1, ':');
1026 message = Conn_EncodingTo(Idx, ptr);
1028 strlcpy(ptr, message, sizeof(buffer) - (ptr - buffer));
1034 Log(LOG_DEBUG, " -> connection %d: '%s'.", Idx, buffer);
1037 len = strlcat( buffer, "\r\n", sizeof( buffer ));
1038 ok = Conn_Write(Idx, buffer, len);
1039 My_Connections[Idx].msg_out++;
1043 } /* Conn_WriteStr */
1046 Conn_Password( CONN_ID Idx )
1048 assert( Idx > NONE );
1049 if (My_Connections[Idx].pwd == NULL)
1052 return My_Connections[Idx].pwd;
1053 } /* Conn_Password */
1056 Conn_SetPassword( CONN_ID Idx, const char *Pwd )
1058 assert( Idx > NONE );
1060 if (My_Connections[Idx].pwd)
1061 free(My_Connections[Idx].pwd);
1063 My_Connections[Idx].pwd = strdup(Pwd);
1064 if (My_Connections[Idx].pwd == NULL) {
1065 Log(LOG_EMERG, "Can't allocate memory! [Conn_SetPassword]");
1068 } /* Conn_SetPassword */
1071 * Append Data to the outbound write buffer of a connection.
1073 * @param Idx Index of the connection.
1074 * @param Data pointer to the data.
1075 * @param Len length of Data.
1076 * @returns true on success, false otherwise.
1079 Conn_Write( CONN_ID Idx, char *Data, size_t Len )
1082 size_t writebuf_limit = WRITEBUFFER_MAX_LEN;
1083 assert( Idx > NONE );
1084 assert( Data != NULL );
1087 /* Is the socket still open? A previous call to Conn_Write()
1088 * may have closed the connection due to a fatal error.
1089 * In this case it is sufficient to return an error, as well. */
1090 if (My_Connections[Idx].sock <= NONE) {
1091 LogDebug("Skipped write on closed socket (connection %d).", Idx);
1095 /* Make sure that there still exists a CLIENT structure associated
1096 * with this connection and check if this is a server or not: */
1097 c = Conn_GetClient(Idx);
1099 /* Servers do get special write buffer limits, so they can
1100 * generate all the messages that are required while peering. */
1101 if (Client_Type(c) == CLIENT_SERVER)
1102 writebuf_limit = WRITEBUFFER_SLINK_LEN;
1104 LogDebug("Write on socket without client (connection %d)!?", Idx);
1107 if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ZIP )) {
1109 * Zip_Buffer() does all the dirty work for us: it flushes
1110 * the (pre-)compression buffers if required and handles
1111 * all error conditions. */
1112 if (!Zip_Buffer(Idx, Data, Len))
1118 /* Uncompressed link:
1119 * Check if outbound buffer has enough space for the data. */
1120 if (array_bytes(&My_Connections[Idx].wbuf) + Len >=
1121 WRITEBUFFER_FLUSH_LEN) {
1122 /* Buffer is full, flush it. Handle_Write deals with
1123 * low-level errors, if any. */
1124 if (!Handle_Write(Idx))
1128 /* When the write buffer is still too big after flushing it,
1129 * the connection will be killed. */
1130 if (array_bytes(&My_Connections[Idx].wbuf) + Len >=
1133 "Write buffer space exhausted (connection %d, limit is %lu bytes, %lu bytes new, %lu bytes pending)",
1134 Idx, writebuf_limit, Len,
1135 (unsigned long)array_bytes(&My_Connections[Idx].wbuf));
1136 Conn_Close(Idx, "Write buffer space exhausted", NULL, false);
1140 /* Copy data to write buffer */
1141 if (!array_catb(&My_Connections[Idx].wbuf, Data, Len))
1144 My_Connections[Idx].bytes_out += Len;
1147 /* Adjust global write counter */
1155 * Shut down a connection.
1157 * @param Idx Connection index.
1158 * @param LogMsg Message to write to the log or NULL. If no LogMsg
1159 * is given, the FwdMsg is logged.
1160 * @param FwdMsg Message to forward to remote servers.
1161 * @param InformClient If true, inform the client on the connection which is
1162 * to be shut down of the reason (FwdMsg) and send
1163 * connection statistics before disconnecting it.
1166 Conn_Close( CONN_ID Idx, const char *LogMsg, const char *FwdMsg, bool InformClient )
1168 /* Close connection. Open pipes of asynchronous resolver
1169 * sub-processes are closed down. */
1175 double in_z_k, out_z_k;
1179 assert( Idx > NONE );
1181 /* Is this link already shutting down? */
1182 if( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ISCLOSING )) {
1183 /* Conn_Close() has been called recursively for this link;
1184 * probabe reason: Handle_Write() failed -- see below. */
1185 LogDebug("Recursive request to close connection: %d", Idx );
1189 assert( My_Connections[Idx].sock > NONE );
1191 /* Mark link as "closing" */
1192 Conn_OPTION_ADD( &My_Connections[Idx], CONN_ISCLOSING );
1194 port = ng_ipaddr_getport(&My_Connections[Idx].addr);
1195 Log(LOG_INFO, "Shutting down connection %d (%s) with \"%s:%d\" ...", Idx,
1196 LogMsg ? LogMsg : FwdMsg, My_Connections[Idx].host, port);
1198 /* Search client, if any */
1199 c = Conn_GetClient( Idx );
1201 /* Should the client be informed? */
1204 /* Send statistics to client if registered as user: */
1205 if ((c != NULL) && (Client_Type(c) == CLIENT_USER)) {
1207 ":%s NOTICE %s :%sConnection statistics: client %.1f kb, server %.1f kb.",
1208 Client_ID(Client_ThisServer()), Client_ID(c),
1210 (double)My_Connections[Idx].bytes_in / 1024,
1211 (double)My_Connections[Idx].bytes_out / 1024);
1214 /* Send ERROR to client (see RFC 2812, section 3.1.7) */
1216 Conn_WriteStr(Idx, "ERROR :%s", FwdMsg);
1218 Conn_WriteStr(Idx, "ERROR :Closing connection");
1221 /* Try to write out the write buffer. Note: Handle_Write() eventually
1222 * removes the CLIENT structure associated with this connection if an
1223 * error occurs! So we have to re-check if there is still an valid
1224 * CLIENT structure after calling Handle_Write() ...*/
1225 (void)Handle_Write( Idx );
1227 /* Search client, if any (re-check!) */
1228 c = Conn_GetClient( Idx );
1230 if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_SSL )) {
1231 LogDebug("SSL connection %d shutting down ...", Idx);
1232 ConnSSL_Free(&My_Connections[Idx]);
1235 /* Shut down socket */
1236 if (! io_close(My_Connections[Idx].sock)) {
1237 /* Oops, we can't close the socket!? This is ... ugly! */
1239 "Error closing connection %d (socket %d) with %s:%d - %s! (ignored)",
1240 Idx, My_Connections[Idx].sock, My_Connections[Idx].host,
1241 port, strerror(errno));
1244 /* Mark socket as invalid: */
1245 My_Connections[Idx].sock = NONE;
1247 /* If there is still a client, unregister it now */
1249 Client_Destroy(c, LogMsg, FwdMsg, true);
1251 /* Calculate statistics and log information */
1252 in_k = (double)My_Connections[Idx].bytes_in / 1024;
1253 out_k = (double)My_Connections[Idx].bytes_out / 1024;
1255 if (Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ZIP)) {
1256 in_z_k = (double)My_Connections[Idx].zip.bytes_in / 1024;
1257 out_z_k = (double)My_Connections[Idx].zip.bytes_out / 1024;
1258 /* Make sure that no division by zero can occur during
1259 * the calculation of in_p and out_p: in_z_k and out_z_k
1260 * are non-zero, that's guaranteed by the protocol until
1261 * compression can be enabled. */
1266 in_p = (int)(( in_k * 100 ) / in_z_k );
1267 out_p = (int)(( out_k * 100 ) / out_z_k );
1269 "Connection %d with \"%s:%d\" closed (in: %.1fk/%.1fk/%d%%, out: %.1fk/%.1fk/%d%%).",
1270 Idx, My_Connections[Idx].host, port,
1271 in_k, in_z_k, in_p, out_k, out_z_k, out_p);
1277 "Connection %d with \"%s:%d\" closed (in: %.1fk, out: %.1fk).",
1278 Idx, My_Connections[Idx].host, port,
1282 /* Servers: Modify time of next connect attempt? */
1283 Conf_UnsetServer( Idx );
1286 /* Clean up zlib, if link was compressed */
1287 if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ZIP )) {
1288 inflateEnd( &My_Connections[Idx].zip.in );
1289 deflateEnd( &My_Connections[Idx].zip.out );
1290 array_free(&My_Connections[Idx].zip.rbuf);
1291 array_free(&My_Connections[Idx].zip.wbuf);
1295 array_free(&My_Connections[Idx].rbuf);
1296 array_free(&My_Connections[Idx].wbuf);
1297 if (My_Connections[Idx].pwd != NULL)
1298 free(My_Connections[Idx].pwd);
1300 /* Clean up connection structure (=free it) */
1301 Init_Conn_Struct( Idx );
1303 assert(NumConnections > 0);
1306 LogDebug("Shutdown of connection %d completed, %ld connection%s left.",
1307 Idx, NumConnections, NumConnections != 1 ? "s" : "");
1309 idle_t = NumConnections > 0 ? 0 : time(NULL);
1314 * Get current number of connections.
1316 * @returns Number of current connections.
1321 return NumConnections;
1326 * Get number of maximum simultaneous connections.
1328 * @returns Number of maximum simultaneous connections.
1333 return NumConnectionsMax;
1334 } /* Conn_CountMax */
1338 * Get number of connections accepted since the daemon startet.
1340 * @returns Number of connections accepted.
1343 Conn_CountAccepted(void)
1345 return NumConnectionsAccepted;
1346 } /* Conn_CountAccepted */
1350 * Synchronize established connections and configured server structures
1351 * after a configuration update and store the correct connection IDs, if any.
1354 Conn_SyncServerStruct(void)
1360 for (i = 0; i < Pool_Size; i++) {
1361 if (My_Connections[i].sock == NONE)
1365 client = Conn_GetClient(i);
1366 if (!client || Client_Type(client) != CLIENT_SERVER)
1369 for (c = 0; c < MAX_SERVERS; c++) {
1370 /* Configured server? */
1371 if (!Conf_Server[c].host[0])
1374 if (strcasecmp(Conf_Server[c].name, Client_ID(client)) == 0)
1375 Conf_Server[c].conn_id = i;
1378 } /* SyncServerStruct */
1382 * Get IP address string of a connection.
1384 * @param Idx Connection index.
1385 * @return Pointer to a global buffer containing the IP address as string.
1388 Conn_GetIPAInfo(CONN_ID Idx)
1391 return ng_ipaddr_tostr(&My_Connections[Idx].addr);
1396 * Send out data of write buffer; connect new sockets.
1398 * @param Idx Connection index.
1399 * @returns true on success, false otherwise.
1402 Handle_Write( CONN_ID Idx )
1407 assert( Idx > NONE );
1408 if ( My_Connections[Idx].sock < 0 ) {
1409 LogDebug("Handle_Write() on closed socket, connection %d", Idx);
1412 assert( My_Connections[Idx].sock > NONE );
1414 wdatalen = array_bytes(&My_Connections[Idx].wbuf );
1417 if (wdatalen == 0) {
1418 /* Write buffer is empty, so we try to flush the compression
1419 * buffer and get some data to work with from there :-) */
1420 if (!Zip_Flush(Idx))
1423 /* Now the write buffer most probably has changed: */
1424 wdatalen = array_bytes(&My_Connections[Idx].wbuf);
1428 if (wdatalen == 0) {
1429 /* Still no data, fine. */
1430 io_event_del(My_Connections[Idx].sock, IO_WANTWRITE );
1436 ("Handle_Write() called for connection %d, %ld bytes pending ...",
1441 if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_SSL )) {
1442 len = ConnSSL_Write(&My_Connections[Idx], array_start(&My_Connections[Idx].wbuf), wdatalen);
1446 len = write(My_Connections[Idx].sock,
1447 array_start(&My_Connections[Idx].wbuf), wdatalen );
1450 if (errno == EAGAIN || errno == EINTR)
1453 Log(LOG_ERR, "Write error on connection %d (socket %d): %s!",
1454 Idx, My_Connections[Idx].sock, strerror(errno));
1455 Conn_Close(Idx, "Write error", NULL, false);
1459 /* move any data not yet written to beginning */
1460 array_moveleft(&My_Connections[Idx].wbuf, 1, (size_t)len);
1463 } /* Handle_Write */
1467 * Count established connections to a specific IP address.
1469 * @returns Number of established connections.
1472 Count_Connections(ng_ipaddr_t *a)
1477 for (i = 0; i < Pool_Size; i++) {
1478 if (My_Connections[i].sock <= NONE)
1480 if (ng_ipaddr_ipequal(&My_Connections[i].addr, a))
1484 } /* Count_Connections */
1488 * Initialize new client connection on a listening socket.
1490 * @param Sock Listening socket descriptor.
1491 * @param IsSSL true if this socket expects SSL-encrypted data.
1492 * @returns Accepted socket descriptor or -1 on error.
1495 New_Connection(int Sock, UNUSED bool IsSSL)
1498 struct request_info req;
1500 ng_ipaddr_t new_addr;
1501 char ip_str[NG_INET_ADDRSTRLEN];
1502 int new_sock, new_sock_len;
1506 assert(Sock > NONE);
1508 LogDebug("Accepting new connection on socket %d ...", Sock);
1510 new_sock_len = (int)sizeof(new_addr);
1511 new_sock = accept(Sock, (struct sockaddr *)&new_addr,
1512 (socklen_t *)&new_sock_len);
1514 Log(LOG_CRIT, "Can't accept connection: %s!", strerror(errno));
1517 NumConnectionsAccepted++;
1519 if (!ng_ipaddr_tostr_r(&new_addr, ip_str)) {
1520 Log(LOG_CRIT, "fd %d: Can't convert IP address!", new_sock);
1521 Simple_Message(new_sock, "ERROR :Internal Server Error");
1527 /* Validate socket using TCP Wrappers */
1528 request_init(&req, RQ_DAEMON, PACKAGE_NAME, RQ_FILE, new_sock,
1529 RQ_CLIENT_SIN, &new_addr, NULL);
1531 if (!hosts_access(&req)) {
1533 "Refused connection from %s (by TCP Wrappers)!", ip_str);
1534 Simple_Message(new_sock, "ERROR :Connection refused");
1540 if (!Init_Socket(new_sock))
1543 /* Check global connection limit */
1544 if ((Conf_MaxConnections > 0) &&
1545 (NumConnections >= (size_t) Conf_MaxConnections)) {
1546 Log(LOG_ALERT, "Can't accept connection: limit (%d) reached!",
1547 Conf_MaxConnections);
1548 Simple_Message(new_sock, "ERROR :Connection limit reached");
1553 /* Check IP-based connection limit */
1554 cnt = Count_Connections(&new_addr);
1555 if ((Conf_MaxConnectionsIP > 0) && (cnt >= Conf_MaxConnectionsIP)) {
1556 /* Access denied, too many connections from this IP address! */
1558 "Refused connection from %s: too may connections (%ld) from this IP address!",
1560 Simple_Message(new_sock,
1561 "ERROR :Connection refused, too many connections from your IP address");
1566 if (new_sock >= Pool_Size) {
1567 if (!array_alloc(&My_ConnArray, sizeof(CONNECTION),
1568 (size_t) new_sock)) {
1570 "Can't allocate memory! [New_Connection]");
1571 Simple_Message(new_sock, "ERROR: Internal error");
1575 LogDebug("Bumped connection pool to %ld items (internal: %ld items, %ld bytes)",
1576 new_sock, array_length(&My_ConnArray,
1577 sizeof(CONNECTION)), array_bytes(&My_ConnArray));
1579 /* Adjust pointer to new block */
1580 My_Connections = array_start(&My_ConnArray);
1581 while (Pool_Size <= new_sock)
1582 Init_Conn_Struct(Pool_Size++);
1585 /* register callback */
1586 if (!io_event_create(new_sock, IO_WANTREAD, cb_clientserver)) {
1588 "Can't accept connection: io_event_create failed!");
1589 Simple_Message(new_sock, "ERROR :Internal error");
1594 c = Client_NewLocal(new_sock, NULL, CLIENT_UNKNOWN, false);
1597 "Can't accept connection: can't create client structure!");
1598 Simple_Message(new_sock, "ERROR :Internal error");
1603 Init_Conn_Struct(new_sock);
1604 My_Connections[new_sock].sock = new_sock;
1605 My_Connections[new_sock].addr = new_addr;
1606 My_Connections[new_sock].client = c;
1608 /* Set initial hostname to IP address. This becomes overwritten when
1609 * the DNS lookup is enabled and succeeds, but is used otherwise. */
1610 if (ng_ipaddr_af(&new_addr) != AF_INET)
1611 snprintf(My_Connections[new_sock].host,
1612 sizeof(My_Connections[new_sock].host), "[%s]", ip_str);
1614 strlcpy(My_Connections[new_sock].host, ip_str,
1615 sizeof(My_Connections[new_sock].host));
1617 Client_SetHostname(c, My_Connections[new_sock].host);
1619 Log(LOG_INFO, "Accepted connection %d from \"%s:%d\" on socket %d.",
1620 new_sock, My_Connections[new_sock].host,
1621 ng_ipaddr_getport(&new_addr), Sock);
1622 Account_Connection();
1625 /* Delay connection initalization until SSL handshake is finished */
1628 Conn_StartLogin(new_sock);
1631 } /* New_Connection */
1635 * Finish connection initialization, start resolver subprocess.
1637 * @param Idx Connection index.
1640 Conn_StartLogin(CONN_ID Idx)
1642 int ident_sock = -1;
1646 /* Nothing to do if DNS (and resolver subprocess) is disabled */
1651 /* Should we make an IDENT request? */
1653 ident_sock = My_Connections[Idx].sock;
1656 if (Conf_NoticeAuth) {
1657 /* Send "NOTICE AUTH" messages to the client */
1660 (void)Conn_WriteStr(Idx,
1661 "NOTICE AUTH :*** Looking up your hostname and checking ident");
1664 (void)Conn_WriteStr(Idx,
1665 "NOTICE AUTH :*** Looking up your hostname");
1666 (void)Handle_Write(Idx);
1669 Resolve_Addr(&My_Connections[Idx].proc_stat, &My_Connections[Idx].addr,
1670 ident_sock, cb_Read_Resolver_Result);
1675 * Update global connection counters.
1678 Account_Connection(void)
1682 if (NumConnections > NumConnectionsMax)
1683 NumConnectionsMax = NumConnections;
1684 LogDebug("Total number of connections now %lu (max %lu).",
1685 NumConnections, NumConnectionsMax);
1686 } /* Account_Connection */
1690 * Translate socket handle into connection index.
1692 * @param Sock Socket handle.
1693 * @returns Connecion index or NONE, if no connection could be found.
1696 Socket2Index( int Sock )
1698 assert( Sock >= 0 );
1700 if( Sock >= Pool_Size || My_Connections[Sock].sock != Sock ) {
1701 /* the Connection was already closed again, likely due to
1703 LogDebug("Socket2Index: can't get connection for socket %d!", Sock);
1707 } /* Socket2Index */
1711 * Read data from the network to the read buffer. If an error occurs,
1712 * the socket of this connection will be shut down.
1714 * @param Idx Connection index.
1717 Read_Request( CONN_ID Idx )
1720 static const unsigned int maxbps = COMMAND_LEN / 2;
1721 char readbuf[READBUFFER_LEN];
1724 assert( Idx > NONE );
1725 assert( My_Connections[Idx].sock > NONE );
1728 if ((array_bytes(&My_Connections[Idx].rbuf) >= READBUFFER_LEN) ||
1729 (array_bytes(&My_Connections[Idx].zip.rbuf) >= READBUFFER_LEN))
1731 if (array_bytes(&My_Connections[Idx].rbuf) >= READBUFFER_LEN)
1734 /* Read buffer is full */
1736 "Receive buffer space exhausted (connection %d): %d bytes",
1737 Idx, array_bytes(&My_Connections[Idx].rbuf));
1738 Conn_Close(Idx, "Receive buffer space exhausted", NULL, false);
1743 if (Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL))
1744 len = ConnSSL_Read( &My_Connections[Idx], readbuf, sizeof(readbuf));
1747 len = read(My_Connections[Idx].sock, readbuf, sizeof(readbuf));
1749 LogDebug("Client \"%s:%u\" is closing connection %d ...",
1750 My_Connections[Idx].host,
1751 ng_ipaddr_tostr(&My_Connections[Idx].addr), Idx);
1752 Conn_Close(Idx, NULL, "Client closed connection", false);
1757 if( errno == EAGAIN ) return;
1758 Log(LOG_ERR, "Read error on connection %d (socket %d): %s!",
1759 Idx, My_Connections[Idx].sock, strerror(errno));
1760 Conn_Close(Idx, "Read error", "Client closed connection",
1765 if (Conn_OPTION_ISSET(&My_Connections[Idx], CONN_ZIP)) {
1766 if (!array_catb(&My_Connections[Idx].zip.rbuf, readbuf,
1769 "Could not append received data to zip input buffer (connection %d): %d bytes!",
1771 Conn_Close(Idx, "Receive buffer space exhausted", NULL,
1778 if (!array_catb( &My_Connections[Idx].rbuf, readbuf, len)) {
1780 "Could not append received data to input buffer (connection %d): %d bytes!",
1782 Conn_Close(Idx, "Receive buffer space exhausted", NULL, false );
1786 /* Update connection statistics */
1787 My_Connections[Idx].bytes_in += len;
1788 My_Connections[Idx].bps += Handle_Buffer(Idx);
1790 /* Make sure that there is still a valid client registered */
1791 c = Conn_GetClient(Idx);
1795 /* Update timestamp of last data received if this connection is
1796 * registered as a user, server or service connection. Don't update
1797 * otherwise, so users have at least Conf_PongTimeout seconds time to
1798 * register with the IRC server -- see Check_Connections().
1799 * Update "lastping", too, if time shifted backwards ... */
1800 if (Client_Type(c) == CLIENT_USER
1801 || Client_Type(c) == CLIENT_SERVER
1802 || Client_Type(c) == CLIENT_SERVICE) {
1804 if (My_Connections[Idx].lastdata != t)
1805 My_Connections[Idx].bps = 0;
1807 My_Connections[Idx].lastdata = t;
1808 if (My_Connections[Idx].lastping > t)
1809 My_Connections[Idx].lastping = t;
1812 /* Look at the data in the (read-) buffer of this connection */
1813 if (Client_Type(c) != CLIENT_SERVER
1814 && Client_Type(c) != CLIENT_UNKNOWNSERVER
1815 && Client_Type(c) != CLIENT_SERVICE
1816 && My_Connections[Idx].bps >= maxbps) {
1817 LogDebug("Throttling connection %d: BPS exceeded! (%u >= %u)",
1818 Idx, My_Connections[Idx].bps, maxbps);
1819 Conn_SetPenalty(Idx, 1);
1821 } /* Read_Request */
1825 * Handle all data in the connection read-buffer.
1827 * Data is processed until no complete command is left in the read buffer,
1828 * or MAX_COMMANDS[_SERVER|_SERVICE] commands were processed.
1829 * When a fatal error occurs, the connection is shut down.
1831 * @param Idx Index of the connection.
1832 * @returns Number of bytes processed.
1835 Handle_Buffer(CONN_ID Idx)
1838 char *ptr1, *ptr2, *first_eol;
1846 unsigned int i, maxcmd = MAX_COMMANDS, len_processed = 0;
1849 c = Conn_GetClient(Idx);
1850 starttime = time(NULL);
1854 /* Servers get special command limits that depend on the user count */
1855 switch (Client_Type(c)) {
1857 maxcmd = (int)(Client_UserCount() / 5)
1858 + MAX_COMMANDS_SERVER_MIN;
1859 /* Allow servers to handle even more commands while peering
1860 * to speed up server login and network synchronization. */
1861 if (Conn_LastPing(Idx) == 0)
1864 case CLIENT_SERVICE:
1865 maxcmd = MAX_COMMANDS_SERVICE; break;
1868 for (i=0; i < maxcmd; i++) {
1870 if (My_Connections[Idx].delaytime > starttime)
1873 /* Unpack compressed data, if compression is in use */
1874 if (Conn_OPTION_ISSET(&My_Connections[Idx], CONN_ZIP)) {
1875 /* When unzipping fails, Unzip_Buffer() shuts
1876 * down the connection itself */
1877 if (!Unzip_Buffer(Idx))
1882 if (0 == array_bytes(&My_Connections[Idx].rbuf))
1885 /* Make sure that the buffer is NULL terminated */
1886 if (!array_cat0_temporary(&My_Connections[Idx].rbuf)) {
1887 Conn_Close(Idx, NULL,
1888 "Can't allocate memory [Handle_Buffer]",
1893 /* RFC 2812, section "2.3 Messages", 5th paragraph:
1894 * "IRC messages are always lines of characters terminated
1895 * with a CR-LF (Carriage Return - Line Feed) pair [...]". */
1897 ptr = strstr(array_start(&My_Connections[Idx].rbuf), "\r\n");
1900 /* Check for non-RFC-compliant request (only CR or LF)?
1901 * Unfortunately, there are quite a few clients out there
1902 * that do this -- e. g. mIRC, BitchX, and Trillian :-( */
1903 ptr1 = strchr(array_start(&My_Connections[Idx].rbuf), '\r');
1904 ptr2 = strchr(array_start(&My_Connections[Idx].rbuf), '\n');
1906 /* Check if there is a single CR or LF _before_ the
1907 * corerct CR+LF line terminator: */
1908 first_eol = ptr1 < ptr2 ? ptr1 : ptr2;
1909 if (first_eol < ptr) {
1910 /* Single CR or LF before CR+LF found */
1914 } else if (ptr1 || ptr2) {
1915 /* No CR+LF terminated command found, but single
1916 * CR or LF found ... */
1918 ptr = ptr1 < ptr2 ? ptr1 : ptr2;
1920 ptr = ptr1 ? ptr1 : ptr2;
1928 /* Complete (=line terminated) request found, handle it! */
1931 len = ptr - (char *)array_start(&My_Connections[Idx].rbuf) + delta;
1933 if (len > (COMMAND_LEN - 1)) {
1934 /* Request must not exceed 512 chars (incl. CR+LF!),
1935 * see RFC 2812. Disconnect Client if this happens. */
1937 "Request too long (connection %d): %d bytes (max. %d expected)!",
1938 Idx, array_bytes(&My_Connections[Idx].rbuf),
1940 Conn_Close(Idx, NULL, "Request too long", true);
1944 len_processed += (unsigned int)len;
1946 /* Request is empty (only '\r\n', '\r' or '\n');
1947 * delta is 2 ('\r\n') or 1 ('\r' or '\n'), see above */
1948 array_moveleft(&My_Connections[Idx].rbuf, 1, len);
1952 /* remember if stream is already compressed */
1953 old_z = My_Connections[Idx].options & CONN_ZIP;
1956 My_Connections[Idx].msg_in++;
1958 (Idx, (char *)array_start(&My_Connections[Idx].rbuf)))
1959 return 0; /* error -> connection has been closed */
1961 array_moveleft(&My_Connections[Idx].rbuf, 1, len);
1963 LogDebug("Connection %d: %d bytes left in read buffer.",
1964 Idx, array_bytes(&My_Connections[Idx].rbuf));
1967 if ((!old_z) && (My_Connections[Idx].options & CONN_ZIP) &&
1968 (array_bytes(&My_Connections[Idx].rbuf) > 0)) {
1969 /* The last command activated socket compression.
1970 * Data that was read after that needs to be copied
1971 * to the unzip buffer for decompression: */
1973 (&My_Connections[Idx].zip.rbuf,
1974 &My_Connections[Idx].rbuf)) {
1975 Conn_Close(Idx, NULL,
1976 "Can't allocate memory [Handle_Buffer]",
1981 array_trunc(&My_Connections[Idx].rbuf);
1983 ("Moved already received data (%u bytes) to uncompression buffer.",
1984 array_bytes(&My_Connections[Idx].zip.rbuf));
1988 return len_processed;
1989 } /* Handle_Buffer */
1993 * Check whether established connections are still alive or not.
1994 * If not, play PING-PONG first; and if that doesn't help either,
1995 * disconnect the respective peer.
1998 Check_Connections(void)
2004 for (i = 0; i < Pool_Size; i++) {
2005 if (My_Connections[i].sock < 0)
2008 c = Conn_GetClient(i);
2009 if (c && ((Client_Type(c) == CLIENT_USER)
2010 || (Client_Type(c) == CLIENT_SERVER)
2011 || (Client_Type(c) == CLIENT_SERVICE))) {
2012 /* connected User, Server or Service */
2013 if (My_Connections[i].lastping >
2014 My_Connections[i].lastdata) {
2015 /* We already sent a ping */
2016 if (My_Connections[i].lastping <
2017 time(NULL) - Conf_PongTimeout) {
2019 snprintf(msg, sizeof(msg),
2020 "Ping timeout: %d seconds",
2022 LogDebug("Connection %d: %s.", i, msg);
2023 Conn_Close(i, NULL, msg, true);
2025 } else if (My_Connections[i].lastdata <
2026 time(NULL) - Conf_PingTimeout) {
2027 /* We need to send a PING ... */
2028 LogDebug("Connection %d: sending PING ...", i);
2030 Conn_WriteStr(i, "PING :%s",
2031 Client_ID(Client_ThisServer()));
2034 /* The connection is not fully established yet, so
2035 * we don't do the PING-PONG game here but instead
2036 * disconnect the client after "a short time" if it's
2037 * still not registered. */
2039 if (My_Connections[i].lastdata <
2040 time(NULL) - Conf_PongTimeout) {
2042 ("Unregistered connection %d timed out ...",
2044 Conn_Close(i, NULL, "Timeout", false);
2048 } /* Check_Connections */
2052 * Check if further server links should be established.
2060 time_now = time(NULL);
2062 /* Check all configured servers */
2063 for (i = 0; i < MAX_SERVERS; i++) {
2064 if (Conf_Server[i].conn_id != NONE)
2065 continue; /* Already establishing or connected */
2066 if (!Conf_Server[i].host[0] || !Conf_Server[i].port > 0)
2067 continue; /* No host and/or port configured */
2068 if (Conf_Server[i].flags & CONF_SFLAG_DISABLED)
2069 continue; /* Disabled configuration entry */
2070 if (Conf_Server[i].lasttry > (time_now - Conf_ConnectRetry))
2071 continue; /* We have to wait a little bit ... */
2073 /* Is there already a connection in this group? */
2074 if (Conf_Server[i].group > NONE) {
2075 for (n = 0; n < MAX_SERVERS; n++) {
2078 if ((Conf_Server[n].conn_id != NONE) &&
2079 (Conf_Server[n].group == Conf_Server[i].group))
2082 if (n < MAX_SERVERS)
2086 /* Okay, try to connect now */
2088 "Preparing to establish a new server link for \"%s\" ...",
2089 Conf_Server[i].name);
2090 Conf_Server[i].lasttry = time_now;
2091 Conf_Server[i].conn_id = SERVER_WAIT;
2092 assert(Proc_GetPipeFd(&Conf_Server[i].res_stat) < 0);
2093 Resolve_Name(&Conf_Server[i].res_stat, Conf_Server[i].host,
2094 cb_Connect_to_Server);
2096 } /* Check_Servers */
2100 * Establish a new outgoing server connection.
2102 * @param Server Configuration index of the server.
2103 * @param dest Destination IP address to connect to.
2106 New_Server( int Server , ng_ipaddr_t *dest)
2108 /* Establish new server link */
2109 char ip_str[NG_INET_ADDRSTRLEN];
2110 int af_dest, res, new_sock;
2113 assert( Server > NONE );
2115 /* Make sure that the remote server hasn't re-linked to this server
2116 * asynchronously on its own */
2117 if (Conf_Server[Server].conn_id > NONE) {
2119 "Connection to \"%s\" meanwhile re-established, aborting preparation.");
2123 if (!ng_ipaddr_tostr_r(dest, ip_str)) {
2124 Log(LOG_WARNING, "New_Server: Could not convert IP to string");
2128 af_dest = ng_ipaddr_af(dest);
2129 new_sock = socket(af_dest, SOCK_STREAM, 0);
2132 "Establishing connection for \"%s\" to \"%s:%d\" (%s), socket %d ...",
2133 Conf_Server[Server].name, Conf_Server[Server].host,
2134 Conf_Server[Server].port, ip_str, new_sock);
2137 Log(LOG_CRIT, "Can't create socket (af %d): %s!",
2138 af_dest, strerror(errno));
2142 if (!Init_Socket(new_sock))
2145 /* is a bind address configured? */
2146 res = ng_ipaddr_af(&Conf_Server[Server].bind_addr);
2147 /* if yes, bind now. If it fails, warn and let connect() pick a source address */
2148 if (res && bind(new_sock, (struct sockaddr *) &Conf_Server[Server].bind_addr,
2149 ng_ipaddr_salen(&Conf_Server[Server].bind_addr)))
2151 ng_ipaddr_tostr_r(&Conf_Server[Server].bind_addr, ip_str);
2152 Log(LOG_WARNING, "Can't bind socket to %s: %s!", ip_str, strerror(errno));
2154 ng_ipaddr_setport(dest, Conf_Server[Server].port);
2155 res = connect(new_sock, (struct sockaddr *) dest, ng_ipaddr_salen(dest));
2156 if(( res != 0 ) && ( errno != EINPROGRESS )) {
2157 Log( LOG_CRIT, "Can't connect socket: %s!", strerror( errno ));
2162 if (!array_alloc(&My_ConnArray, sizeof(CONNECTION), (size_t)new_sock)) {
2164 "Cannot allocate memory for server connection (socket %d)",
2170 if (!io_event_create( new_sock, IO_WANTWRITE, cb_connserver)) {
2171 Log(LOG_ALERT, "io_event_create(): could not add fd %d", strerror(errno));
2176 My_Connections = array_start(&My_ConnArray);
2178 assert(My_Connections[new_sock].sock <= 0);
2180 Init_Conn_Struct(new_sock);
2182 ng_ipaddr_tostr_r(dest, ip_str);
2183 c = Client_NewLocal(new_sock, ip_str, CLIENT_UNKNOWNSERVER, false);
2185 Log( LOG_ALERT, "Can't establish connection: can't create client structure!" );
2190 /* Conn_Close() decrements this counter again */
2191 Account_Connection();
2192 Client_SetIntroducer( c, c );
2193 Client_SetToken( c, TOKEN_OUTBOUND );
2195 /* Register connection */
2196 if (!Conf_SetServer(Server, new_sock))
2198 My_Connections[new_sock].sock = new_sock;
2199 My_Connections[new_sock].addr = *dest;
2200 My_Connections[new_sock].client = c;
2201 strlcpy( My_Connections[new_sock].host, Conf_Server[Server].host,
2202 sizeof(My_Connections[new_sock].host ));
2205 if (Conf_Server[Server].SSLConnect && !ConnSSL_PrepareConnect( &My_Connections[new_sock],
2206 &Conf_Server[Server] ))
2208 Log(LOG_ALERT, "Could not initialize SSL for outgoing connection");
2209 Conn_Close( new_sock, "Could not initialize SSL for outgoing connection", NULL, false );
2210 Init_Conn_Struct( new_sock );
2211 Conf_Server[Server].conn_id = NONE;
2215 LogDebug("Registered new connection %d on socket %d (%ld in total).",
2216 new_sock, My_Connections[new_sock].sock, NumConnections);
2217 Conn_OPTION_ADD( &My_Connections[new_sock], CONN_ISCONNECTING );
2222 * Initialize connection structure.
2224 * @param Idx Connection index.
2227 Init_Conn_Struct(CONN_ID Idx)
2229 time_t now = time(NULL);
2231 memset(&My_Connections[Idx], 0, sizeof(CONNECTION));
2232 My_Connections[Idx].sock = -1;
2233 My_Connections[Idx].signon = now;
2234 My_Connections[Idx].lastdata = now;
2235 My_Connections[Idx].lastprivmsg = now;
2236 Proc_InitStruct(&My_Connections[Idx].proc_stat);
2239 My_Connections[Idx].iconv_from = (iconv_t)(-1);
2240 My_Connections[Idx].iconv_to = (iconv_t)(-1);
2242 } /* Init_Conn_Struct */
2246 * Initialize options of a new socket.
2248 * For example, we try to set socket options SO_REUSEADDR and IPTOS_LOWDELAY.
2249 * The socket is automatically closed if a fatal error is encountered.
2251 * @param Sock Socket handle.
2252 * @returns false if socket was closed due to fatal error.
2255 Init_Socket( int Sock )
2259 if (!io_setnonblock(Sock)) {
2260 Log( LOG_CRIT, "Can't enable non-blocking mode for socket: %s!", strerror( errno ));
2265 /* Don't block this port after socket shutdown */
2267 if( setsockopt( Sock, SOL_SOCKET, SO_REUSEADDR, &value, (socklen_t)sizeof( value )) != 0 )
2269 Log( LOG_ERR, "Can't set socket option SO_REUSEADDR: %s!", strerror( errno ));
2270 /* ignore this error */
2273 /* Set type of service (TOS) */
2274 #if defined(IPPROTO_IP) && defined(IPTOS_LOWDELAY)
2275 value = IPTOS_LOWDELAY;
2276 if (setsockopt(Sock, IPPROTO_IP, IP_TOS, &value,
2277 (socklen_t) sizeof(value))) {
2278 LogDebug("Can't set socket option IP_TOS: %s!",
2280 /* ignore this error */
2282 LogDebug("IP_TOS on socket %d has been set to IPTOS_LOWDELAY.",
2291 * Read results of a resolver sub-process and try to initiate a new server
2294 * @param fd File descriptor of the pipe to the sub-process.
2295 * @param events (ignored IO specification)
2298 cb_Connect_to_Server(int fd, UNUSED short events)
2300 /* Read result of resolver sub-process from pipe and start connection */
2303 ng_ipaddr_t dest_addrs[4]; /* we can handle at most 3; but we read up to
2304 four so we can log the 'more than we can handle'
2305 condition. First result is tried immediately, rest
2306 is saved for later if needed. */
2308 LogDebug("Resolver: Got forward lookup callback on fd %d, events %d", fd, events);
2310 for (i=0; i < MAX_SERVERS; i++) {
2311 if (Proc_GetPipeFd(&Conf_Server[i].res_stat) == fd )
2315 if( i >= MAX_SERVERS) {
2316 /* Ops, no matching server found?! */
2318 LogDebug("Resolver: Got Forward Lookup callback for unknown server!?");
2322 /* Read result from pipe */
2323 len = Proc_Read(&Conf_Server[i].res_stat, dest_addrs, sizeof(dest_addrs));
2324 Proc_Close(&Conf_Server[i].res_stat);
2326 /* Error resolving hostname: reset server structure */
2327 Conf_Server[i].conn_id = NONE;
2331 assert((len % sizeof(ng_ipaddr_t)) == 0);
2333 LogDebug("Got result from resolver: %u structs (%u bytes).", len/sizeof(ng_ipaddr_t), len);
2335 memset(&Conf_Server[i].dst_addr, 0, sizeof(Conf_Server[i].dst_addr));
2336 if (len > sizeof(ng_ipaddr_t)) {
2337 /* more than one address for this hostname, remember them
2338 * in case first address is unreachable/not available */
2339 len -= sizeof(ng_ipaddr_t);
2340 if (len > sizeof(Conf_Server[i].dst_addr)) {
2341 len = sizeof(Conf_Server[i].dst_addr);
2343 "Notice: Resolver returned more IP Addresses for host than we can handle, additional addresses dropped.");
2345 memcpy(&Conf_Server[i].dst_addr, &dest_addrs[1], len);
2348 New_Server(i, dest_addrs);
2349 } /* cb_Read_Forward_Lookup */
2353 * Read results of a resolver sub-process from the pipe and update the
2354 * appropriate connection/client structure(s): hostname and/or IDENT user name.
2356 * @param r_fd File descriptor of the pipe to the sub-process.
2357 * @param events (ignored IO specification)
2360 cb_Read_Resolver_Result( int r_fd, UNUSED short events )
2367 char readbuf[HOST_LEN + 2 + CLIENT_USER_LEN];
2370 char readbuf[HOST_LEN + 1];
2373 LogDebug("Resolver: Got callback on fd %d, events %d", r_fd, events );
2374 i = Conn_GetFromProc(r_fd);
2376 /* Ops, none found? Probably the connection has already
2377 * been closed!? We'll ignore that ... */
2379 LogDebug("Resolver: Got callback for unknown connection!?");
2383 /* Read result from pipe */
2384 len = Proc_Read(&My_Connections[i].proc_stat, readbuf, sizeof readbuf -1);
2385 Proc_Close(&My_Connections[i].proc_stat);
2389 readbuf[len] = '\0';
2390 identptr = strchr(readbuf, '\n');
2391 assert(identptr != NULL);
2393 Log( LOG_CRIT, "Resolver: Got malformed result!");
2398 LogDebug("Got result from resolver: \"%s\" (%u bytes read).", readbuf, len);
2399 /* Okay, we got a complete result: this is a host name for outgoing
2400 * connections and a host name and IDENT user name (if enabled) for
2401 * incoming connections.*/
2402 assert ( My_Connections[i].sock >= 0 );
2403 /* Incoming connection. Search client ... */
2404 c = Conn_GetClient( i );
2405 assert( c != NULL );
2407 /* Only update client information of unregistered clients.
2408 * Note: user commands (e. g. WEBIRC) are always read _after_ reading
2409 * the resolver results, so we don't have to worry to override settings
2410 * from these commands here. */
2411 if(Client_Type(c) == CLIENT_UNKNOWN) {
2412 strlcpy(My_Connections[i].host, readbuf,
2413 sizeof(My_Connections[i].host));
2414 Client_SetHostname(c, readbuf);
2415 if (Conf_NoticeAuth)
2416 (void)Conn_WriteStr(i,
2417 "NOTICE AUTH :*** Found your hostname: %s",
2418 My_Connections[i].host);
2424 if ((*ptr < '0' || *ptr > '9') &&
2425 (*ptr < 'A' || *ptr > 'Z') &&
2426 (*ptr < 'a' || *ptr > 'z'))
2431 /* Erroneous IDENT reply */
2433 "Got invalid IDENT reply for connection %d! Ignored.",
2437 "IDENT lookup for connection %d: \"%s\".",
2439 Client_SetUser(c, identptr, true);
2441 if (Conf_NoticeAuth) {
2442 (void)Conn_WriteStr(i,
2443 "NOTICE AUTH :*** Got %sident response%s%s",
2444 *ptr ? "invalid " : "",
2446 *ptr ? "" : identptr);
2449 Log(LOG_INFO, "IDENT lookup for connection %d: no result.", i);
2450 if (Conf_NoticeAuth && Conf_Ident)
2451 (void)Conn_WriteStr(i,
2452 "NOTICE AUTH :*** No ident response");
2456 if (Conf_NoticeAuth)
2457 (void)Handle_Write(i);
2459 Class_HandleServerBans(c);
2462 else Log( LOG_DEBUG, "Resolver: discarding result for already registered connection %d.", i );
2464 } /* cb_Read_Resolver_Result */
2468 * Write a "simple" (error) message to a socket.
2470 * The message is sent without using the connection write buffers, without
2471 * compression/encryption, and even without any error reporting. It is
2472 * designed for error messages of e.g. New_Connection().
2474 * @param Sock Socket handle.
2475 * @param Msg Message string to send.
2478 Simple_Message(int Sock, const char *Msg)
2480 char buf[COMMAND_LEN];
2483 assert(Sock > NONE);
2484 assert(Msg != NULL);
2486 strlcpy(buf, Msg, sizeof buf - 2);
2487 len = strlcat(buf, "\r\n", sizeof buf);
2488 if (write(Sock, buf, len) < 0) {
2489 /* Because this function most probably got called to log
2490 * an error message, any write error is ignored here to
2491 * avoid an endless loop. But casting the result of write()
2492 * to "void" doesn't satisfy the GNU C code attribute
2493 * "warn_unused_result" which is used by some versions of
2494 * glibc (e.g. 2.11.1), therefore this silly error
2495 * "handling" code here :-( */
2498 } /* Simple_Error */
2502 * Get CLIENT structure that belongs to a local connection identified by its
2503 * index number. Each connection belongs to a client by definition, so it is
2504 * not required that the caller checks for NULL return values.
2506 * @param Idx Connection index number.
2507 * @returns Pointer to CLIENT structure.
2510 Conn_GetClient( CONN_ID Idx )
2515 c = array_get(&My_ConnArray, sizeof (CONNECTION), (size_t)Idx);
2517 return c ? c->client : NULL;
2521 * Get PROC_STAT sub-process structure of a connection.
2523 * @param Idx Connection index number.
2524 * @returns PROC_STAT structure.
2527 Conn_GetProcStat(CONN_ID Idx)
2532 c = array_get(&My_ConnArray, sizeof (CONNECTION), (size_t)Idx);
2534 return &c->proc_stat;
2535 } /* Conn_GetProcStat */
2539 * Get CONN_ID from file descriptor associated to a subprocess structure.
2541 * @param fd File descriptor.
2542 * @returns CONN_ID or NONE (-1).
2545 Conn_GetFromProc(int fd)
2550 for (i = 0; i < Pool_Size; i++) {
2551 if ((My_Connections[i].sock != NONE)
2552 && (Proc_GetPipeFd(&My_Connections[i].proc_stat) == fd))
2556 } /* Conn_GetFromProc */
2562 Conn_GetAuthPing(CONN_ID Idx)
2564 assert (Idx != NONE);
2565 return My_Connections[Idx].auth_ping;
2566 } /* Conn_GetAuthPing */
2569 Conn_SetAuthPing(CONN_ID Idx, long ID)
2571 assert (Idx != NONE);
2572 My_Connections[Idx].auth_ping = ID;
2573 } /* Conn_SetAuthPing */
2581 * Get information about used SSL cipher.
2583 * @param Idx Connection index number.
2584 * @param buf Buffer for returned information text.
2585 * @param len Size of return buffer "buf".
2586 * @returns true on success, false otherwise.
2589 Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
2593 assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
2594 return ConnSSL_GetCipherInfo(&My_Connections[Idx], buf, len);
2599 * Check if a connection is SSL-enabled or not.
2601 * @param Idx Connection index number.
2602 * @return true if connection is SSL-enabled, false otherwise.
2605 Conn_UsesSSL(CONN_ID Idx)
2609 assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
2610 return Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL);
2615 Conn_GetCertFp(CONN_ID Idx)
2619 assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
2620 return ConnSSL_GetCertFp(&My_Connections[Idx]);
2625 Conn_SetCertFp(CONN_ID Idx, const char *fingerprint)
2629 assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
2630 return ConnSSL_SetCertFp(&My_Connections[Idx], fingerprint);
2634 Conn_UsesSSL(UNUSED CONN_ID Idx)
2641 Conn_GetCertFp(UNUSED CONN_ID Idx)
2648 Conn_SetCertFp(UNUSED CONN_ID Idx, UNUSED const char *fingerprint)
2658 * Dump internal state of the "connection module".
2661 Conn_DebugDump(void)
2665 Log(LOG_DEBUG, "Connection status:");
2666 for (i = 0; i < Pool_Size; i++) {
2667 if (My_Connections[i].sock == NONE)
2670 " - %d: host=%s, lastdata=%ld, lastping=%ld, delaytime=%ld, flag=%d, options=%d, bps=%d, client=%s",
2671 My_Connections[i].sock, My_Connections[i].host,
2672 My_Connections[i].lastdata, My_Connections[i].lastping,
2673 My_Connections[i].delaytime, My_Connections[i].flag,
2674 My_Connections[i].options, My_Connections[i].bps,
2675 My_Connections[i].client ? Client_ID(My_Connections[i].client) : "-");
2677 } /* Conn_DumpClients */