X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=gateway.c;h=ae706cfad32acaccf3272bdd630aeebc3fc988be;hp=8aaf7e28f19680a85ecd7c073858876061e9cb09;hb=eadc3100faaf9d658801c21ca1dccc0bfa6da0e2;hpb=e8db07c2f0720685bb504013a6a1e576b0cf718f diff --git a/gateway.c b/gateway.c index 8aaf7e28..ae706cfa 100644 --- a/gateway.c +++ b/gateway.c @@ -1,4 +1,4 @@ -const char gateway_rcs[] = "$Id: gateway.c,v 1.50 2009/05/10 10:19:23 fabiankeil Exp $"; +const char gateway_rcs[] = "$Id: gateway.c,v 1.91 2012/10/21 12:56:38 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/gateway.c,v $ @@ -7,7 +7,7 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.50 2009/05/10 10:19:23 fabiankeil * using a "forwarder" (i.e. HTTP proxy and/or a SOCKS4 * or SOCKS5 proxy). * - * Copyright : Written by and Copyright (C) 2001-2009 the SourceForge + * Copyright : Written by and Copyright (C) 2001-2009 the * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -32,225 +32,8 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.50 2009/05/10 10:19:23 fabiankeil * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: gateway.c,v $ - * Revision 1.50 2009/05/10 10:19:23 fabiankeil - * Reenable server-side-only keep-alive support, but only share - * outgoing connections if the connection-sharing option is set. - * - * Revision 1.49 2009/05/10 10:12:30 fabiankeil - * Initial keep-alive support for the client socket. - * Temporarily disable the server-side-only keep-alive code. - * - * Revision 1.48 2009/02/13 17:20:36 fabiankeil - * Reword keep-alive support warning and only show - * it #if !defined(HAVE_POLL) && !defined(_WIN32). - * - * Revision 1.47 2008/12/24 17:06:19 fabiankeil - * Keep a thread around to timeout alive connections - * even if no new requests are coming in. - * - * Revision 1.46 2008/12/13 11:07:23 fabiankeil - * Remove duplicated debugging checks - * in connection_destination_matches(). - * - * Revision 1.45 2008/12/04 18:17:07 fabiankeil - * Fix some cparser warnings. - * - * Revision 1.44 2008/11/22 11:54:04 fabiankeil - * Move log message around to include the socket number. - * - * Revision 1.43 2008/11/13 09:15:51 fabiankeil - * Make keep_alive_timeout static. - * - * Revision 1.42 2008/11/13 09:08:42 fabiankeil - * Add new config option: keep-alive-timeout. - * - * Revision 1.41 2008/11/08 15:29:58 fabiankeil - * Unify two debug messages. - * - * Revision 1.40 2008/11/08 15:14:05 fabiankeil - * Fix duplicated debugging check. - * - * Revision 1.39 2008/10/25 11:33:01 fabiankeil - * Remove already out-commented line left over from debugging. - * - * Revision 1.38 2008/10/24 17:33:00 fabiankeil - * - Tone the "keep-alive support is experimental" warning - * down a bit as hackish 0-chunk detection has been - * implemented recently. - * - Only show the "ndef HAVE_POLL" warning once on start-up. - * - * Revision 1.37 2008/10/23 17:40:53 fabiankeil - * Fix forget_connection() and mark_connection_unused(), - * which would both under certain circumstances access - * reusable_connection[MAX_REUSABLE_CONNECTIONS]. Oops. - * - * Revision 1.36 2008/10/18 19:49:15 fabiankeil - * - Factor close_unusable_connections() out of - * get_reusable_connection() to make sure we really check - * all the remembered connections, not just the ones before - * the next reusable one. - * - Plug two file descriptor leaks. Internally marking - * connections as closed doesn't cut it. - * - * Revision 1.35 2008/10/17 17:12:01 fabiankeil - * In socket_is_still_usable(), use select() - * and FD_ISSET() if poll() isn't available. - * - * Revision 1.34 2008/10/17 17:07:13 fabiankeil - * Add preliminary timeout support. - * - * Revision 1.33 2008/10/16 16:34:21 fabiankeil - * Fix two gcc44 warnings. - * - * Revision 1.32 2008/10/16 16:27:22 fabiankeil - * Fix compiler warning. - * - * Revision 1.31 2008/10/16 07:31:11 fabiankeil - * - Factor socket_is_still_usable() out of get_reusable_connection(). - * - If poll() isn't available, show a warning and assume the socket - * is still usable. - * - * Revision 1.30 2008/10/13 17:31:03 fabiankeil - * If a remembered connection is no longer usable and - * has been marked closed, don't bother checking if the - * destination matches. - * - * Revision 1.29 2008/10/11 16:59:41 fabiankeil - * Add missing dots for two log messages. - * - * Revision 1.28 2008/10/09 18:21:41 fabiankeil - * Flush work-in-progress changes to keep outgoing connections - * alive where possible. Incomplete and mostly #ifdef'd out. - * - * Revision 1.27 2008/09/27 15:05:51 fabiankeil - * Return only once in forwarded_connect(). - * - * Revision 1.26 2008/08/18 17:42:06 fabiankeil - * Fix typo in macro name. - * - * Revision 1.25 2008/02/07 18:09:46 fabiankeil - * In socks5_connect: - * - make the buffers quite a bit smaller. - * - properly report "socks5 server unreachable" failures. - * - let strncpy() use the whole buffer. Using a length of 0xffu wasn't actually - * wrong, but requires too much thinking as it doesn't depend on the buffer size. - * - log a message if the socks5 server sends more data than expected. - * - add some assertions and comments. - * - * Revision 1.24 2008/02/04 14:56:29 fabiankeil - * - Fix a compiler warning. - * - Stop assuming that htonl(INADDR_NONE) equals INADDR_NONE. - * - * Revision 1.23 2008/02/04 13:11:35 fabiankeil - * Remember the cause of the SOCKS5 error for the CGI message. - * - * Revision 1.22 2008/02/03 13:46:15 fabiankeil - * Add SOCKS5 support. Patch #1862863 by Eric M. Hopper with minor changes. - * - * Revision 1.21 2007/07/28 12:30:03 fabiankeil - * Modified patch from Song Weijia (#1762559) to - * fix socks requests on big-endian platforms. - * - * Revision 1.20 2007/05/14 10:23:48 fabiankeil - * - Use strlcpy() instead of strcpy(). - * - Use the same buffer for socks requests and socks responses. - * - Fix bogus warning about web_server_addr being used uninitialized. - * - * Revision 1.19 2007/01/25 14:09:45 fabiankeil - * - Save errors in socks4_connect() to csp->error_message. - * - Silence some gcc43 warnings, hopefully the right way. - * - * Revision 1.18 2006/07/18 14:48:46 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.16 2002/05/12 21:36:29 jongfoster - * Correcting function comments - * - * Revision 1.15 2002/03/26 22:29:54 swa - * we have a new homepage! - * - * Revision 1.14 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.13 2002/03/13 00:29:59 jongfoster - * Killing warnings - * - * Revision 1.12 2002/03/09 20:03:52 jongfoster - * - Making various functions return int rather than size_t. - * (Undoing a recent change). Since size_t is unsigned on - * Windows, functions like read_socket that return -1 on - * error cannot return a size_t. - * - * THIS WAS A MAJOR BUG - it caused frequent, unpredictable - * crashes, and also frequently caused JB to jump to 100% - * CPU and stay there. (Because it thought it had just - * read ((unsigned)-1) == 4Gb of data...) - * - * - The signature of write_socket has changed, it now simply - * returns success=0/failure=nonzero. - * - * - Trying to get rid of a few warnings --with-debug on - * Windows, I've introduced a new type "jb_socket". This is - * used for the socket file descriptors. On Windows, this - * is SOCKET (a typedef for unsigned). Everywhere else, it's - * an int. The error value can't be -1 any more, so it's - * now JB_INVALID_SOCKET (which is -1 on UNIX, and in - * Windows it maps to the #define INVALID_SOCKET.) - * - * - The signature of bind_port has changed. - * - * Revision 1.11 2002/03/08 17:46:04 jongfoster - * Fixing int/size_t warnings - * - * Revision 1.10 2002/03/07 03:50:19 oes - * - Improved handling of failed DNS lookups - * - Fixed compiler warnings - * - * Revision 1.9 2001/10/25 03:40:48 david__schmidt - * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple - * threads to call select() simultaneously. So, it's time to do a real, live, - * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__ - * (native). Both versions will work, but using __OS2__ offers multi-threading. - * - * Revision 1.8 2001/09/13 20:10:12 jongfoster - * Fixing missing #include under Windows - * - * Revision 1.7 2001/09/12 17:58:26 steudten - * - * add #include - * - * Revision 1.6 2001/09/10 10:41:16 oes - * Added #include in.h - * - * Revision 1.5 2001/07/29 18:47:57 jongfoster - * Adding missing #include project.h - * - * Revision 1.4 2001/07/24 12:47:06 oes - * Applied BeOS support update by Eugenia - * - * Revision 1.3 2001/06/09 10:55:28 jongfoster - * Changing BUFSIZ ==> BUFFER_SIZE - * - * Revision 1.2 2001/06/07 23:11:38 jongfoster - * Removing gateways[] list - no longer used. - * Replacing function pointer in struct gateway with a directly - * called function forwarded_connect(), which can do the common - * task of deciding whether to connect to the web server or HTTP - * proxy. - * Replacing struct gateway with struct forward_spec - * Fixing bug with SOCKS4A and HTTP proxy server in combination. - * It was a bug which led to the connection being made to the web - * server rather than the HTTP proxy, and also a buffer overrun. - * - * Revision 1.1.1.1 2001/05/15 13:58:54 oes - * Initial import of version 2.9.3 source tree - * - * *********************************************************************/ - + #include "config.h" @@ -285,7 +68,7 @@ const char gateway_rcs[] = "$Id: gateway.c,v 1.50 2009/05/10 10:19:23 fabiankeil #include "miscutil.h" #ifdef FEATURE_CONNECTION_KEEP_ALIVE #ifdef HAVE_POLL -#ifdef __GLIBC__ +#ifdef __GLIBC__ #include #else #include @@ -305,21 +88,24 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, int target_port, struct client_state *csp); +enum { + SOCKS4_REQUEST_GRANTED = 90, + SOCKS4_REQUEST_REJECT = 91, + SOCKS4_REQUEST_IDENT_FAILED = 92, + SOCKS4_REQUEST_IDENT_CONFLICT = 93 +}; -#define SOCKS_REQUEST_GRANTED 90 -#define SOCKS_REQUEST_REJECT 91 -#define SOCKS_REQUEST_IDENT_FAILED 92 -#define SOCKS_REQUEST_IDENT_CONFLICT 93 - -#define SOCKS5_REQUEST_GRANTED 0 -#define SOCKS5_REQUEST_FAILED 1 -#define SOCKS5_REQUEST_DENIED 2 -#define SOCKS5_REQUEST_NETWORK_UNREACHABLE 3 -#define SOCKS5_REQUEST_HOST_UNREACHABLE 4 -#define SOCKS5_REQUEST_CONNECTION_REFUSED 5 -#define SOCKS5_REQUEST_TTL_EXPIRED 6 -#define SOCKS5_REQUEST_PROTOCOL_ERROR 7 -#define SOCKS5_REQUEST_BAD_ADDRESS_TYPE 8 +enum { + SOCKS5_REQUEST_GRANTED = 0, + SOCKS5_REQUEST_FAILED = 1, + SOCKS5_REQUEST_DENIED = 2, + SOCKS5_REQUEST_NETWORK_UNREACHABLE = 3, + SOCKS5_REQUEST_HOST_UNREACHABLE = 4, + SOCKS5_REQUEST_CONNECTION_REFUSED = 5, + SOCKS5_REQUEST_TTL_EXPIRED = 6, + SOCKS5_REQUEST_PROTOCOL_ERROR = 7, + SOCKS5_REQUEST_BAD_ADDRESS_TYPE = 8 +}; /* structure of a socks client operation */ struct socks_op { @@ -342,13 +128,13 @@ struct socks_reply { static const char socks_userid[] = "anonymous"; -#ifdef FEATURE_CONNECTION_KEEP_ALIVE +#ifdef FEATURE_CONNECTION_SHARING #define MAX_REUSABLE_CONNECTIONS 100 static unsigned int keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT; static struct reusable_connection reusable_connection[MAX_REUSABLE_CONNECTIONS]; -static int mark_connection_unused(jb_socket sfd); +static int mark_connection_unused(const struct reusable_connection *connection); /********************************************************************* * @@ -386,25 +172,23 @@ extern void initialize_reusable_connections(void) * * Function : remember_connection * - * Description : Remembers a connection for reuse later on. + * Description : Remembers a server connection for reuse later on. * * Parameters : - * 1 : sfd = Open socket to remember. - * 2 : http = The destination for the connection. - * 3 : fwd = The forwarder settings used. + * 1 : connection = The server connection to remember. * * Returns : void * *********************************************************************/ -void remember_connection(jb_socket sfd, const struct http_request *http, - const struct forward_spec *fwd) +void remember_connection(const struct reusable_connection *connection) { unsigned int slot = 0; int free_slot_found = FALSE; - assert(sfd != JB_INVALID_SOCKET); + assert(NULL != connection); + assert(connection->sfd != JB_INVALID_SOCKET); - if (mark_connection_unused(sfd)) + if (mark_connection_unused(connection)) { return; } @@ -419,7 +203,7 @@ void remember_connection(jb_socket sfd, const struct http_request *http, assert(reusable_connection[slot].in_use == 0); log_error(LOG_LEVEL_CONNECT, "Remembering socket %d for %s:%d in slot %d.", - sfd, http->host, http->port, slot); + connection->sfd, connection->host, connection->port, slot); free_slot_found = TRUE; break; } @@ -428,62 +212,54 @@ void remember_connection(jb_socket sfd, const struct http_request *http, if (!free_slot_found) { log_error(LOG_LEVEL_CONNECT, - "No free slots found to remembering socket for %s:%d. Last slot %d.", - http->host, http->port, slot); + "No free slots found to remember socket for %s:%d. Last slot %d.", + connection->host, connection->port, slot); privoxy_mutex_unlock(&connection_reuse_mutex); - close_socket(sfd); + close_socket(connection->sfd); return; } - assert(NULL != http->host); - reusable_connection[slot].host = strdup(http->host); - if (NULL == reusable_connection[slot].host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving socket."); - } - reusable_connection[slot].sfd = sfd; - reusable_connection[slot].port = http->port; + assert(NULL != connection->host); + reusable_connection[slot].host = strdup_or_die(connection->host); + reusable_connection[slot].sfd = connection->sfd; + reusable_connection[slot].port = connection->port; reusable_connection[slot].in_use = 0; - reusable_connection[slot].timestamp = time(NULL); + reusable_connection[slot].timestamp = connection->timestamp; + reusable_connection[slot].request_sent = connection->request_sent; + reusable_connection[slot].response_received = connection->response_received; + reusable_connection[slot].keep_alive_timeout = connection->keep_alive_timeout; + reusable_connection[slot].requests_sent_total = connection->requests_sent_total; - assert(NULL != fwd); assert(reusable_connection[slot].gateway_host == NULL); assert(reusable_connection[slot].gateway_port == 0); assert(reusable_connection[slot].forwarder_type == SOCKS_NONE); assert(reusable_connection[slot].forward_host == NULL); assert(reusable_connection[slot].forward_port == 0); - reusable_connection[slot].forwarder_type = fwd->type; - if (NULL != fwd->gateway_host) + reusable_connection[slot].forwarder_type = connection->forwarder_type; + if (NULL != connection->gateway_host) { - reusable_connection[slot].gateway_host = strdup(fwd->gateway_host); - if (NULL == reusable_connection[slot].gateway_host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving gateway_host."); - } + reusable_connection[slot].gateway_host = strdup_or_die(connection->gateway_host); } else { reusable_connection[slot].gateway_host = NULL; } - reusable_connection[slot].gateway_port = fwd->gateway_port; + reusable_connection[slot].gateway_port = connection->gateway_port; - if (NULL != fwd->forward_host) + if (NULL != connection->forward_host) { - reusable_connection[slot].forward_host = strdup(fwd->forward_host); - if (NULL == reusable_connection[slot].forward_host) - { - log_error(LOG_LEVEL_FATAL, "Out of memory saving forward_host."); - } + reusable_connection[slot].forward_host = strdup_or_die(connection->forward_host); } else { reusable_connection[slot].forward_host = NULL; } - reusable_connection[slot].forward_port = fwd->forward_port; + reusable_connection[slot].forward_port = connection->forward_port; privoxy_mutex_unlock(&connection_reuse_mutex); } +#endif /* def FEATURE_CONNECTION_SHARING */ /********************************************************************* @@ -505,6 +281,10 @@ void mark_connection_closed(struct reusable_connection *closed_connection) freez(closed_connection->host); closed_connection->port = 0; closed_connection->timestamp = 0; + closed_connection->request_sent = 0; + closed_connection->response_received = 0; + closed_connection->keep_alive_timeout = 0; + closed_connection->requests_sent_total = 0; closed_connection->forwarder_type = SOCKS_NONE; freez(closed_connection->gateway_host); closed_connection->gateway_port = 0; @@ -513,6 +293,7 @@ void mark_connection_closed(struct reusable_connection *closed_connection) } +#ifdef FEATURE_CONNECTION_SHARING /********************************************************************* * * Function : forget_connection @@ -545,19 +326,17 @@ void forget_connection(jb_socket sfd) sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot); mark_connection_closed(&reusable_connection[slot]); - privoxy_mutex_unlock(&connection_reuse_mutex); - - return; + break; } } - log_error(LOG_LEVEL_CONNECT, - "Socket %d already forgotten or never remembered.", sfd); - privoxy_mutex_unlock(&connection_reuse_mutex); + } +#endif /* def FEATURE_CONNECTION_SHARING */ +#ifdef FEATURE_CONNECTION_KEEP_ALIVE /********************************************************************* * * Function : connection_destination_matches @@ -591,7 +370,9 @@ int connection_destination_matches(const struct reusable_connection *connection, && strcmpic(connection->gateway_host, fwd->gateway_host)) && (connection->gateway_host != fwd->gateway_host)) { - log_error(LOG_LEVEL_CONNECT, "Gateway mismatch."); + log_error(LOG_LEVEL_CONNECT, + "Gateway mismatch. Previous gateway: %s. Current gateway: %s", + connection->gateway_host, fwd->gateway_host); return FALSE; } @@ -600,15 +381,19 @@ int connection_destination_matches(const struct reusable_connection *connection, && strcmpic(connection->forward_host, fwd->forward_host)) && (connection->forward_host != fwd->forward_host)) { - log_error(LOG_LEVEL_CONNECT, "Forwarding proxy mismatch."); + log_error(LOG_LEVEL_CONNECT, + "Forwarding proxy mismatch. Previous proxy: %s. Current proxy: %s", + connection->forward_host, fwd->forward_host); return FALSE; } return (!strcmpic(connection->host, http->host)); } +#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ +#ifdef FEATURE_CONNECTION_SHARING /********************************************************************* * * Function : close_unusable_connections @@ -634,19 +419,23 @@ int close_unusable_connections(void) && (JB_INVALID_SOCKET != reusable_connection[slot].sfd)) { time_t time_open = time(NULL) - reusable_connection[slot].timestamp; + time_t latency = (reusable_connection[slot].response_received - + reusable_connection[slot].request_sent) / 2; - if (keep_alive_timeout < time_open) + if (reusable_connection[slot].keep_alive_timeout < time_open + latency) { log_error(LOG_LEVEL_CONNECT, "The connection to %s:%d in slot %d timed out. " - "Closing socket %d. Timeout is: %d.", + "Closing socket %d. Timeout is: %d. Assumed latency: %d.", reusable_connection[slot].host, reusable_connection[slot].port, slot, - reusable_connection[slot].sfd, keep_alive_timeout); + reusable_connection[slot].sfd, + reusable_connection[slot].keep_alive_timeout, + latency); close_socket(reusable_connection[slot].sfd); mark_connection_closed(&reusable_connection[slot]); } - else if (!socket_is_still_usable(reusable_connection[slot].sfd)) + else if (!socket_is_still_alive(reusable_connection[slot].sfd)) { log_error(LOG_LEVEL_CONNECT, "The connection to %s:%d in slot %d is no longer usable. " @@ -705,8 +494,14 @@ static jb_socket get_reusable_connection(const struct http_request *http, reusable_connection[slot].in_use = TRUE; sfd = reusable_connection[slot].sfd; log_error(LOG_LEVEL_CONNECT, - "Found reusable socket %d for %s:%d in slot %d.", - sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot); + "Found reusable socket %d for %s:%d in slot %d. Timestamp made %d " + "seconds ago. Timeout: %d. Latency: %d. Requests served: %d", + sfd, reusable_connection[slot].host, reusable_connection[slot].port, + slot, time(NULL) - reusable_connection[slot].timestamp, + reusable_connection[slot].keep_alive_timeout, + (int)(reusable_connection[slot].response_received - + reusable_connection[slot].request_sent), + reusable_connection[slot].requests_sent_total); break; } } @@ -726,33 +521,33 @@ static jb_socket get_reusable_connection(const struct http_request *http, * Description : Gives a remembered connection free for reuse. * * Parameters : - * 1 : sfd = The socket belonging to the connection in question. + * 1 : connection = The connection in question. * * Returns : TRUE => Socket found and marked as unused. * FALSE => Socket not found. * *********************************************************************/ -static int mark_connection_unused(jb_socket sfd) +static int mark_connection_unused(const struct reusable_connection *connection) { unsigned int slot = 0; int socket_found = FALSE; - assert(sfd != JB_INVALID_SOCKET); + assert(connection->sfd != JB_INVALID_SOCKET); privoxy_mutex_lock(&connection_reuse_mutex); for (slot = 0; slot < SZ(reusable_connection); slot++) { - if (reusable_connection[slot].sfd == sfd) + if (reusable_connection[slot].sfd == connection->sfd) { assert(reusable_connection[slot].in_use); socket_found = TRUE; log_error(LOG_LEVEL_CONNECT, "Marking open socket %d for %s:%d in slot %d as unused.", - sfd, reusable_connection[slot].host, + connection->sfd, reusable_connection[slot].host, reusable_connection[slot].port, slot); reusable_connection[slot].in_use = 0; - reusable_connection[slot].timestamp = time(NULL); + reusable_connection[slot].timestamp = connection->timestamp; break; } } @@ -781,7 +576,7 @@ void set_keep_alive_timeout(unsigned int timeout) { keep_alive_timeout = timeout; } -#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ +#endif /* def FEATURE_CONNECTION_SHARING */ /********************************************************************* @@ -807,8 +602,9 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, int dest_port; jb_socket sfd = JB_INVALID_SOCKET; -#ifdef FEATURE_CONNECTION_KEEP_ALIVE - if ((csp->config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING)) +#ifdef FEATURE_CONNECTION_SHARING + if ((csp->config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING) + && !(csp->flags & CSP_FLAG_SERVER_SOCKET_TAINTED)) { sfd = get_reusable_connection(http, fwd); if (JB_INVALID_SOCKET != sfd) @@ -816,7 +612,7 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, return sfd; } } -#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ +#endif /* def FEATURE_CONNECTION_SHARING */ /* Figure out if we need to connect to the web server or a HTTP proxy. */ if (fwd->forward_host) @@ -848,7 +644,7 @@ jb_socket forwarded_connect(const struct forward_spec * fwd, default: /* Should never get here */ log_error(LOG_LEVEL_FATAL, - "SOCKS4 impossible internal error - bad SOCKS type."); + "Internal error in forwarded_connect(). Bad proxy type: %d", fwd->type); } if (JB_INVALID_SOCKET != sfd) @@ -891,7 +687,7 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, int target_port, struct client_state *csp) { - unsigned int web_server_addr; + unsigned long web_server_addr; char buf[BUFFER_SIZE]; struct socks_op *c = (struct socks_op *)buf; struct socks_reply *s = (struct socks_reply *)buf; @@ -917,7 +713,7 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, if (err) { log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); - csp->error_message = strdup(errstr); + csp->error_message = strdup(errstr); errno = EINVAL; return(JB_INVALID_SOCKET); } @@ -986,24 +782,20 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, c->vn = 4; c->cd = 1; - c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); - c->dstport[1] = (unsigned char)((target_port ) & 0xff); - c->dstip[0] = (unsigned char)((web_server_addr >> 24 ) & 0xff); - c->dstip[1] = (unsigned char)((web_server_addr >> 16 ) & 0xff); - c->dstip[2] = (unsigned char)((web_server_addr >> 8 ) & 0xff); - c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); + c->dstport[0] = (unsigned char)((target_port >> 8 ) & 0xff); + c->dstport[1] = (unsigned char)((target_port ) & 0xff); + c->dstip[0] = (unsigned char)((web_server_addr >> 24) & 0xff); + c->dstip[1] = (unsigned char)((web_server_addr >> 16) & 0xff); + c->dstip[2] = (unsigned char)((web_server_addr >> 8) & 0xff); + c->dstip[3] = (unsigned char)((web_server_addr ) & 0xff); /* pass the request to the socks server */ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp); if (sfd == JB_INVALID_SOCKET) { - /* - * XXX: connect_to should fill in the exact reason. - * Most likely resolving the IP of the forwarder failed. - */ - errstr = "connect_to failed: see logfile for details"; - err = 1; + /* The error an its reason have already been logged by connect_to() */ + return(JB_INVALID_SOCKET); } else if (write_socket(sfd, (char *)c, csiz)) { @@ -1012,6 +804,20 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, err = 1; close_socket(sfd); } + else if (!data_is_available(sfd, csp->config->socket_timeout)) + { + if (socket_is_still_alive(sfd)) + { + errstr = "SOCKS4 negotiation timed out"; + } + else + { + errstr = "SOCKS4 negotiation got aborted by the server"; + } + log_error(LOG_LEVEL_CONNECT, "socks4_connect: %s", errstr); + err = 1; + close_socket(sfd); + } else if (read_socket(sfd, buf, sizeof(buf)) != sizeof(*s)) { errstr = "SOCKS4 negotiation read failed."; @@ -1022,24 +828,24 @@ static jb_socket socks4_connect(const struct forward_spec * fwd, if (err) { - csp->error_message = strdup(errstr); + csp->error_message = strdup(errstr); return(JB_INVALID_SOCKET); } switch (s->cd) { - case SOCKS_REQUEST_GRANTED: + case SOCKS4_REQUEST_GRANTED: return(sfd); - case SOCKS_REQUEST_REJECT: + case SOCKS4_REQUEST_REJECT: errstr = "SOCKS request rejected or failed."; errno = EINVAL; break; - case SOCKS_REQUEST_IDENT_FAILED: + case SOCKS4_REQUEST_IDENT_FAILED: errstr = "SOCKS request rejected because " "SOCKS server cannot connect to identd on the client."; errno = EACCES; break; - case SOCKS_REQUEST_IDENT_CONFLICT: + case SOCKS4_REQUEST_IDENT_CONFLICT: errstr = "SOCKS request rejected because " "the client program and identd report " "different user-ids."; @@ -1126,7 +932,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, { int err = 0; char cbuf[300]; - char sbuf[30]; + char sbuf[10]; size_t client_pos = 0; int server_size = 0; size_t hostlen = 0; @@ -1182,6 +988,8 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, { errstr = "socks5 server unreachable"; log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr); + /* Free the generic error message provided by connect_to() */ + freez(csp->error_message); csp->error_message = strdup(errstr); return(JB_INVALID_SOCKET); } @@ -1200,7 +1008,20 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, return(JB_INVALID_SOCKET); } - if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2) + if (!data_is_available(sfd, csp->config->socket_timeout)) + { + if (socket_is_still_alive(sfd)) + { + errstr = "SOCKS5 negotiation timed out"; + } + else + { + errstr = "SOCKS5 negotiation got aborted by the server"; + } + err = 1; + } + + if (!err && read_socket(sfd, sbuf, sizeof(sbuf)) != 2) { errstr = "SOCKS5 negotiation read failed"; err = 1; @@ -1249,7 +1070,7 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, if (write_socket(sfd, cbuf, client_pos)) { - errstr = "SOCKS5 negotiation read failed"; + errstr = "SOCKS5 negotiation write failed"; csp->error_message = strdup(errstr); log_error(LOG_LEVEL_CONNECT, "%s", errstr); close_socket(sfd); @@ -1258,39 +1079,28 @@ static jb_socket socks5_connect(const struct forward_spec *fwd, } server_size = read_socket(sfd, sbuf, sizeof(sbuf)); - if (server_size < 3) + if (server_size != sizeof(sbuf)) { errstr = "SOCKS5 negotiation read failed"; - err = 1; - } - else if (server_size > 20) - { - /* This is somewhat unexpected but doesn't realy matter. */ - log_error(LOG_LEVEL_CONNECT, "socks5_connect: read %d bytes " - "from socks server. Would have accepted up to %d.", - server_size, sizeof(sbuf)); } - - if (!err && (sbuf[0] != '\x05')) - { - errstr = "SOCKS5 negotiation protocol version error"; - err = 1; - } - - if (!err && (sbuf[2] != '\x00')) - { - errstr = "SOCKS5 negotiation protocol error"; - err = 1; - } - - if (!err) + else { - if (sbuf[1] == SOCKS5_REQUEST_GRANTED) + if (sbuf[0] != '\x05') + { + errstr = "SOCKS5 negotiation protocol version error"; + } + else if (sbuf[2] != '\x00') + { + errstr = "SOCKS5 negotiation protocol error"; + } + else if (sbuf[1] != SOCKS5_REQUEST_GRANTED) + { + errstr = translate_socks5_error(sbuf[1]); + } + else { return(sfd); } - errstr = translate_socks5_error(sbuf[1]); - err = 1; } assert(errstr != NULL);