From aac3c952498f814df3843fb18ffcc11783c763ba Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Mon, 29 Aug 2016 09:56:48 +0000 Subject: [PATCH] - add persistent connections --- src/gns/gnunet-gns-proxy.c | 1099 +++++++++++++++++++----------------- 1 file changed, 586 insertions(+), 513 deletions(-) diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index 2671404a0..e7671c5d5 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c @@ -802,6 +802,7 @@ mhd_content_cb (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Completed MHD download\n"); + s5r->state = SOCKS5_SOCKET_WITH_MHD; return MHD_CONTENT_READER_END_OF_STREAM; } GNUNET_memcpy (buf, s5r->io_buf, bytes_to_copy); @@ -1037,10 +1038,10 @@ curl_check_hdr (void *buffer, size_t size, size_t nmemb, void *cls) } /* force connection to be closed after each request, as we do not support HTTP pipelining (yet, FIXME!) */ - GNUNET_break (MHD_YES == + /*GNUNET_break (MHD_YES == MHD_add_response_header (s5r->response, MHD_HTTP_HEADER_CONNECTION, - "close")); + "close"));*/ } ndup = GNUNET_strndup (buffer, bytes); 
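Review bot: The added `s5r->state = SOCKS5_SOCKET_WITH_MHD;` in mhd_content_cb is the only visible place where the request state returns to idle, and it is reached only when the content reader hits end of stream. If MHD never drives the reader to that branch for some response (inferred, since the enclosing condition is outside this hunk), the state would stay at SOCKS5_SOCKET_DOWNLOAD_DONE and the next request on the connection would skip the cURL setup in create_response. Resetting the state in mhd_completed_cb, which runs for every request, would be more robust. At minimum add a comment here such as `/* request finished: back to idle so the next request on this connection sets up a new cURL transfer */`.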
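Review bot: The `Connection: close` response header in curl_check_hdr is disabled by wrapping the call in `/* ... */`, while the comment directly above still says the connection is forced closed because pipelining is unsupported. Delete the dead call and replace the stale comment with one that states the new behaviour, e.g. `/* do not force "Connection: close": the MHD connection is reused for further requests */`. The same commented-out pattern appears in con_val_iter. Whether the upstream server's own `Connection` header is filtered before being copied into the response cannot be seen here, because the rest of curl_check_hdr is outside the hunk.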
@@ -1345,67 +1346,67 @@ curl_task_download (void *cls) while (NULL != (msg = curl_multi_info_read (curl_multi, &msgnum))) { GNUNET_break (CURLE_OK == - curl_easy_getinfo (msg->easy_handle, - CURLINFO_PRIVATE, - (char **) &s5r )); + curl_easy_getinfo (msg->easy_handle, + CURLINFO_PRIVATE, + (char **) &s5r )); if (NULL == s5r) { - GNUNET_break (0); - continue; + GNUNET_break (0); + continue; } switch (msg->msg) { - case CURLMSG_NONE: - /* documentation says this is not used */ - GNUNET_break (0); - break; - case CURLMSG_DONE: - switch (msg->data.result) - { - case CURLE_OK: - case CURLE_GOT_NOTHING: - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "CURL download completed.\n"); - s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE; - run_mhd_now (s5r->hd); - break; - default: - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Download curl failed: %s\n", - curl_easy_strerror (msg->data.result)); - /* FIXME: indicate error somehow? close MHD connection badly as well? */ - s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE; - run_mhd_now (s5r->hd); - break; - } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Cleaning up cURL handle\n"); - curl_multi_remove_handle (curl_multi, s5r->curl); - curl_easy_cleanup (s5r->curl); - s5r->curl = NULL; - if (NULL == s5r->response) - s5r->response = curl_failure_response; - break; - case CURLMSG_LAST: - /* documentation says this is not used */ - GNUNET_break (0); - break; - default: - /* unexpected status code */ - GNUNET_break (0); - break; + case CURLMSG_NONE: + /* documentation says this is not used */ + GNUNET_break (0); + break; + case CURLMSG_DONE: + switch (msg->data.result) + { + case CURLE_OK: + case CURLE_GOT_NOTHING: + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "CURL download completed.\n"); + s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE; + run_mhd_now (s5r->hd); + break; + default: + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Download curl failed: %s\n", + curl_easy_strerror (msg->data.result)); + /* FIXME: indicate error somehow? close MHD connection badly as well? 
*/ + s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE; + run_mhd_now (s5r->hd); + break; + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up cURL handle\n"); + curl_multi_remove_handle (curl_multi, s5r->curl); + curl_easy_cleanup (s5r->curl); + s5r->curl = NULL; + if (NULL == s5r->response) + s5r->response = curl_failure_response; + break; + case CURLMSG_LAST: + /* documentation says this is not used */ + GNUNET_break (0); + break; + default: + /* unexpected status code */ + GNUNET_break (0); + break; } }; } while (mret == CURLM_CALL_MULTI_PERFORM); if (CURLM_OK != mret) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s failed at %s:%d: `%s'\n", + "%s failed at %s:%d: `%s'\n", "curl_multi_perform", __FILE__, __LINE__, curl_multi_strerror (mret)); if (0 == running) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Suspending cURL multi loop, no more events pending\n"); + "Suspending cURL multi loop, no more events pending\n"); return; /* nothing more in progress */ } curl_download_prepare (); @@ -1440,17 +1441,17 @@ con_val_iter (void *cls, if ( (0 == strcasecmp (MHD_HTTP_HEADER_HOST, key)) && (NULL != s5r->leho) ) value = s5r->leho; - if (0 == strcasecmp (MHD_HTTP_HEADER_CONNECTION, key)) - value = "Close"; + /*if (0 == strcasecmp (MHD_HTTP_HEADER_CONNECTION, key)) + value = "Close";*/ GNUNET_asprintf (&hdr, - "%s: %s", - key, - value); + "%s: %s", + key, + value); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Adding HEADER `%s' to HTTP request\n", - hdr); + "Adding HEADER `%s' to HTTP request\n", + hdr); s5r->headers = curl_slist_append (s5r->headers, - hdr); + hdr); GNUNET_free (hdr); return MHD_YES; } 
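Review bot: With the override in con_val_iter commented out, the client's `Connection` header is now copied unchanged into the upstream cURL request. `Connection` is a hop-by-hop header (RFC 7230 section 6.1) that describes the client-to-proxy link, and libcurl manages its own connection to the origin, so the proxy should drop it rather than forward it. Replace the commented-out lines with `if (0 == strcasecmp (MHD_HTTP_HEADER_CONNECTION, key)) return MHD_YES;` placed before the `GNUNET_asprintf` call. The remaining changes in this hunk are whitespace only.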
@@ -1505,54 +1506,55 @@ create_response (void *cls, GNUNET_break (0); return MHD_NO; } - if ( (NULL == s5r->curl) && - (SOCKS5_SOCKET_WITH_MHD == s5r->state) ) + //Fresh connection. Maybe move to notify callback?? + if (SOCKS5_SOCKET_WITH_MHD == s5r->state) { /* first time here, initialize curl handle */ sa = (const struct sockaddr *) &s5r->destination_address; switch (sa->sa_family) { - case AF_INET: - s4 = (const struct sockaddr_in *) &s5r->destination_address; - if (NULL == inet_ntop (AF_INET, - &s4->sin_addr, - ipstring, - sizeof (ipstring))) - { - GNUNET_break (0); - return MHD_NO; - } - GNUNET_snprintf (ipaddr, - sizeof (ipaddr), - "%s", - ipstring); - port = ntohs (s4->sin_port); - break; - case AF_INET6: - s6 = (const struct sockaddr_in6 *) &s5r->destination_address; - if (NULL == inet_ntop (AF_INET6, - &s6->sin6_addr, - ipstring, - sizeof (ipstring))) - { - GNUNET_break (0); - return MHD_NO; - } - GNUNET_snprintf (ipaddr, - sizeof (ipaddr), - "[%s]", - ipstring); - port = ntohs (s6->sin6_port); - break; - default: - GNUNET_break (0); - return MHD_NO; + case AF_INET: + s4 = (const struct sockaddr_in *) &s5r->destination_address; + if (NULL == inet_ntop (AF_INET, + &s4->sin_addr, + ipstring, + sizeof (ipstring))) + { + GNUNET_break (0); + return MHD_NO; + } + GNUNET_snprintf (ipaddr, + sizeof (ipaddr), + "%s", + ipstring); + port = ntohs (s4->sin_port); + break; + case AF_INET6: + s6 = (const struct sockaddr_in6 *) &s5r->destination_address; + if (NULL == inet_ntop (AF_INET6, + &s6->sin6_addr, + ipstring, + sizeof (ipstring))) + { + GNUNET_break (0); + return MHD_NO; + } + GNUNET_snprintf (ipaddr, + sizeof (ipaddr), + "[%s]", + ipstring); + port = ntohs (s6->sin6_port); + break; + default: + GNUNET_break (0); + return MHD_NO; } - s5r->curl = curl_easy_init (); + if (NULL == s5r->curl) + s5r->curl = curl_easy_init (); if (NULL == s5r->curl) return MHD_queue_response (con, - MHD_HTTP_INTERNAL_SERVER_ERROR, - curl_failure_response); + 
MHD_HTTP_INTERNAL_SERVER_ERROR, + curl_failure_response); curl_easy_setopt (s5r->curl, CURLOPT_HEADERFUNCTION, &curl_check_hdr); curl_easy_setopt (s5r->curl, CURLOPT_HEADERDATA, s5r); curl_easy_setopt (s5r->curl, CURLOPT_FOLLOWLOCATION, 0); @@ -1572,29 +1574,28 @@ create_response (void *cls, */ if (NULL != s5r->leho) { - GNUNET_asprintf (&curl_hosts, - "%s:%d:%s", - s5r->leho, - port, - ipaddr); - s5r->hosts = curl_slist_append(NULL, curl_hosts); - curl_easy_setopt(s5r->curl, CURLOPT_RESOLVE, s5r->hosts); - GNUNET_free (curl_hosts); + GNUNET_asprintf (&curl_hosts, + "%s:%d:%s", + s5r->leho, + port, + ipaddr); + s5r->hosts = curl_slist_append(NULL, curl_hosts); + curl_easy_setopt(s5r->curl, CURLOPT_RESOLVE, s5r->hosts); + GNUNET_free (curl_hosts); } GNUNET_asprintf (&curlurl, - (HTTPS_PORT != s5r->port) - ? "http://%s:%d%s" - : "https://%s:%d%s", - (NULL != s5r->leho) + (HTTPS_PORT != s5r->port) + ? "http://%s:%d%s" + : "https://%s:%d%s", + (NULL != s5r->leho) ? s5r->leho : ipaddr, - port, - s5r->url); + port, + s5r->url); curl_easy_setopt (s5r->curl, - CURLOPT_URL, - curlurl); + CURLOPT_URL, + curlurl); GNUNET_free (curlurl); - if (0 == strcasecmp (meth, MHD_HTTP_METHOD_PUT)) { s5r->state = SOCKS5_SOCKET_UPLOAD_STARTED; @@ -1618,6 +1619,11 @@ create_response (void *cls, s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED; curl_easy_setopt (s5r->curl, CURLOPT_NOBODY, 1); } + else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_OPTIONS)) + { + s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED; + curl_easy_setopt (s5r->curl, CURLOPT_CUSTOMREQUEST, "OPTIONS"); + } else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_GET)) { s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED; @@ -1628,8 +1634,8 @@ create_response (void *cls, else { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - _("Unsupported HTTP method `%s'\n"), - meth); + _("Unsupported HTTP method `%s'\n"), + meth); curl_easy_cleanup (s5r->curl); s5r->curl = NULL; return MHD_NO; 
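Review bot: The setup branch in create_response now runs whenever the state is SOCKS5_SOCKET_WITH_MHD, and `if (NULL == s5r->curl) s5r->curl = curl_easy_init ();` lets it continue with an already existing handle. An existing handle still carries the options of the previous request (for example `CURLOPT_NOBODY` or `CURLOPT_CUSTOMREQUEST`, both set further down), so the method of one request could carry over into the next. Either assert that the handle is NULL at this point or reset it with `else curl_easy_reset (s5r->curl);`. The comment `//Fresh connection. Maybe move to notify callback??` should say that this branch is entered once per request, not once per connection. The function starts and ends outside this hunk.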
@@ -1653,7 +1659,7 @@ create_response (void *cls, curl_easy_setopt (s5r->curl, CURLOPT_USE_SSL, CURLUSESSL_ALL); curl_easy_setopt (s5r->curl, CURLOPT_SSL_VERIFYPEER, 1L); /* Disable cURL checking the hostname, as we will check ourselves - as only we have the domain name or the LEHO or the DANE record */ + as only we have the domain name or the LEHO or the DANE record */ curl_easy_setopt (s5r->curl, CURLOPT_SSL_VERIFYHOST, 0L); } else @@ -1669,8 +1675,11 @@ create_response (void *cls, return MHD_NO; } MHD_get_connection_values (con, - MHD_HEADER_KIND, - &con_val_iter, s5r); + MHD_HEADER_KIND, + &con_val_iter, s5r); + //TODO is this sane? + s5r->headers = curl_slist_append (s5r->headers, + "Expect:"); curl_easy_setopt (s5r->curl, CURLOPT_HTTPHEADER, s5r->headers); curl_download_prepare (); return MHD_YES; @@ -1679,11 +1688,13 @@ create_response (void *cls, /* continuing to process request */ if (0 != *upload_data_size) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Processing %lu bytes UPLOAD\n", *upload_data_size); left = GNUNET_MIN (*upload_data_size, - sizeof (s5r->io_buf) - s5r->io_len); + sizeof (s5r->io_buf) - s5r->io_len); GNUNET_memcpy (&s5r->io_buf[s5r->io_len], - upload_data, - left); + upload_data, + left); s5r->io_len += left; *upload_data_size -= left; GNUNET_assert (NULL != s5r->curl); 
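Review bot: The result of `curl_slist_append (s5r->headers, "Expect:")` is assigned straight back to `s5r->headers`, and curl_slist_append returns NULL on failure, so an allocation error here drops the whole header list built by con_val_iter and leaks it. Use a temporary: `struct curl_slist *nl = curl_slist_append (s5r->headers, "Expect:");` followed by `if (NULL != nl) s5r->headers = nl;`. The `//TODO is this sane?` marker should be replaced by a comment that states the intent, e.g. `/* empty "Expect:" entry stops libcurl from adding its own "Expect: 100-continue" */`.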
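Review bot: The new log call prints `*upload_data_size` with `%lu`; if that parameter is the `size_t *` MHD passes to access handlers (the signature is outside this hunk), the specifier should be `%zu`, which this file already uses in do_s5r_read. The message is also logged at GNUNET_ERROR_TYPE_ERROR although it reports normal progress. The same promotion from DEBUG to ERROR is made in the next hunk of create_response ("Finished processing UPLOAD", "Queueing response with MHD") and in mhd_connection_cb. Suggested line: `GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Processing %zu bytes UPLOAD\n", *upload_data_size);`.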
@@ -1693,17 +1704,18 @@ create_response (void *cls, } if (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Finished processing UPLOAD\n"); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Finished processing UPLOAD\n"); s5r->state = SOCKS5_SOCKET_UPLOAD_DONE; } if (NULL == s5r->response) return MHD_YES; /* too early to queue response, did not yet get headers from cURL */ - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Queueing response with MHD\n"); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Queueing response with MHD\n"); + run_mhd_now (s5r->hd); return MHD_queue_response (con, - s5r->response_code, - s5r->response); + s5r->response_code, + s5r->response); } @@ -1711,7 +1723,7 @@ create_response (void *cls, /** - * Function called when MHD decides that we are done with a connection. + * Function called when MHD decides that we are done with a request. * * @param cls NULL * @param connection connection handle @@ -1721,9 +1733,9 @@ create_response (void *cls, */ static void mhd_completed_cb (void *cls, - struct MHD_Connection *connection, - void **con_cls, - enum MHD_RequestTerminationCode toe) + struct MHD_Connection *connection, + void **con_cls, + enum MHD_RequestTerminationCode toe) { struct Socks5Request *s5r = *con_cls; 
@@ -1731,14 +1743,73 @@ mhd_completed_cb (void *cls, return; if (MHD_REQUEST_TERMINATED_COMPLETED_OK != toe) GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "MHD encountered error handling request: %d\n", - toe); - cleanup_s5r (s5r); + "MHD encountered error handling request: %d\n", + toe); + if (NULL != s5r->curl) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Cleaning up cURL handle\n"); + curl_multi_remove_handle (curl_multi, s5r->curl); + curl_easy_cleanup (s5r->curl); + s5r->curl = NULL; + } + if ( (NULL != s5r->response) && + (curl_failure_response != s5r->response) ) + MHD_destroy_response (s5r->response); + s5r->response = NULL; curl_download_prepare(); *con_cls = NULL; } +/** + * Function called when MHD connection is opened or closed. + * + * @param cls NULL + * @param connection connection handle + * @param con_cls value as set by the last call to + * the MHD_AccessHandlerCallback, should be our `struct Socks5Request *` + * @param toe connection notification type + */ +static void +mhd_connection_cb (void *cls, + struct MHD_Connection *connection, + void **con_cls, + enum MHD_ConnectionNotificationCode cnc) +{ + struct Socks5Request *s5r; + const union MHD_ConnectionInfo *ci; + int sock; + + if (MHD_CONNECTION_NOTIFY_STARTED == cnc) + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Connection started...\n"); + + if (MHD_CONNECTION_NOTIFY_CLOSED != cnc) + return; //Ignore + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Connection closed... cleaning up\n"); + + ci = MHD_get_connection_info (connection, + MHD_CONNECTION_INFO_CONNECTION_FD); + if (NULL == ci) + { + GNUNET_break (0); + return; + } + + sock = ci->connect_fd; + for (s5r = s5r_head; NULL != s5r; s5r = s5r->next) + if (GNUNET_NETWORK_get_fd (s5r->sock) == sock) + break; + + if (NULL == s5r) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Connection stale!\n"); + return; + } + cleanup_s5r (s5r); + *con_cls = NULL; +} + /** * Function called when MHD first processes an incoming connection. 
* Gives us the respective URI information. @@ -1754,15 +1825,15 @@ mhd_completed_cb (void *cls, */ static void * mhd_log_callback (void *cls, - const char *url, - struct MHD_Connection *connection) + const char *url, + struct MHD_Connection *connection) { struct Socks5Request *s5r; const union MHD_ConnectionInfo *ci; int sock; ci = MHD_get_connection_info (connection, - MHD_CONNECTION_INFO_CONNECTION_FD); + MHD_CONNECTION_INFO_CONNECTION_FD); if (NULL == ci) { GNUNET_break (0); @@ -1775,8 +1846,8 @@ mhd_log_callback (void *cls, { if (NULL != s5r->url) { - GNUNET_break (0); - return NULL; + GNUNET_break (0); + return NULL; } s5r->url = GNUNET_strdup (url); GNUNET_SCHEDULER_cancel (s5r->timeout_task); @@ -1798,8 +1869,8 @@ static void kill_httpd (struct MhdHttpList *hd) { GNUNET_CONTAINER_DLL_remove (mhd_httpd_head, - mhd_httpd_tail, - hd); + mhd_httpd_tail, + hd); GNUNET_free_non_null (hd->domain); MHD_stop_daemon (hd->daemon); if (NULL != hd->httpd_task) @@ -1892,15 +1963,15 @@ schedule_httpd (struct MhdHttpList *hd) { /* daemon is idle, kill after timeout */ hd->httpd_task = GNUNET_SCHEDULER_add_delayed (MHD_CACHE_TIMEOUT, - &kill_httpd_task, - hd); + &kill_httpd_task, + hd); } else { hd->httpd_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT, - tv, wrs, wws, - &do_httpd, hd); + tv, wrs, wws, + &do_httpd, hd); } if (NULL != wrs) GNUNET_NETWORK_fdset_destroy (wrs); @@ -1937,7 +2008,7 @@ run_mhd_now (struct MhdHttpList *hd) hd->httpd_task) GNUNET_SCHEDULER_cancel (hd->httpd_task); hd->httpd_task = GNUNET_SCHEDULER_add_now (&do_httpd, - hd); + hd); } @@ -1950,14 +2021,14 @@ run_mhd_now (struct MhdHttpList *hd) */ static void* load_file (const char* filename, - unsigned int* size) + unsigned int* size) { void *buffer; uint64_t fsize; if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fsize, - GNUNET_YES, GNUNET_YES)) + GNUNET_YES, GNUNET_YES)) return NULL; if (fsize > MAX_PEM_SIZE) return NULL; 
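Review bot: mhd_completed_cb no longer calls cleanup_s5r, but the per-request fields it leaves behind are not reset: `s5r->headers`, `s5r->hosts` and `s5r->url` keep the values of the finished request. con_val_iter appends to `s5r->headers`, so the next request on the same connection would resend the previous request's headers (cookies and credentials included), and create_response overwrites `s5r->hosts` with a new list, leaking the old one. mhd_log_callback also rejects a request when `s5r->url` is already set, so unless these fields are reset elsewhere in the file a second request on a persistent connection cannot succeed; resetting `url` needs care because mhd_log_callback cancels `s5r->timeout_task` right after setting it. The fence shows the list reset, placed after the handle teardown; it assumes cleanup_s5r tolerates NULL lists. The function starts outside this hunk.

```c
  /* … unchanged: cURL handle and response teardown … */
  /* per-request lists must not survive into the next request on this connection */
  curl_slist_free_all (s5r->headers);
  s5r->headers = NULL;
  curl_slist_free_all (s5r->hosts);
  s5r->hosts = NULL;
  curl_download_prepare();
  *con_cls = NULL;
```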
@@ -1981,7 +2052,7 @@ load_file (const char* filename, */ static int load_key_from_file (gnutls_x509_privkey_t key, - const char* keyfile) + const char* keyfile) { gnutls_datum_t key_data; int ret; @@ -1995,7 +2066,7 @@ load_key_from_file (gnutls_x509_privkey_t key, { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _("Unable to import private key from file `%s'\n"), - keyfile); + keyfile); } GNUNET_free_non_null (key_data.data); return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK; @@ -2011,7 +2082,7 @@ load_key_from_file (gnutls_x509_privkey_t key, */ static int load_cert_from_file (gnutls_x509_crt_t crt, - const char* certfile) + const char* certfile) { gnutls_datum_t cert_data; int ret; @@ -2024,7 +2095,7 @@ load_cert_from_file (gnutls_x509_crt_t crt, if (GNUTLS_E_SUCCESS != ret) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Unable to import certificate %s\n"), certfile); + _("Unable to import certificate %s\n"), certfile); } GNUNET_free_non_null (cert_data.data); return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK; @@ -2049,8 +2120,8 @@ generate_gns_certificate (const char *name) struct ProxyGNSCertificate *pgc; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Generating TLS/SSL certificate for `%s'\n", - name); + "Generating TLS/SSL certificate for `%s'\n", + name); GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request)); GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, proxy_ca.key)); pgc = GNUNET_new (struct ProxyGNSCertificate); 
@@ -2063,25 +2134,25 @@ generate_gns_certificate (const char *name) GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_version (request, 3)); gnutls_rnd (GNUTLS_RND_NONCE, &serial, sizeof (serial)); gnutls_x509_crt_set_serial (request, - &serial, - sizeof (serial)); + &serial, + sizeof (serial)); etime = time (NULL); tm_data = localtime (&etime); gnutls_x509_crt_set_activation_time (request, - etime); + etime); tm_data->tm_year++; etime = mktime (tm_data); gnutls_x509_crt_set_expiration_time (request, - etime); + etime); gnutls_x509_crt_sign (request, - proxy_ca.cert, - proxy_ca.key); + proxy_ca.cert, + proxy_ca.key); key_buf_size = sizeof (pgc->key); cert_buf_size = sizeof (pgc->cert); gnutls_x509_crt_export (request, GNUTLS_X509_FMT_PEM, pgc->cert, &cert_buf_size); gnutls_x509_privkey_export (proxy_ca.key, GNUTLS_X509_FMT_PEM, - pgc->key, &key_buf_size); + pgc->key, &key_buf_size); gnutls_x509_crt_deinit (request); return pgc; } 
@@ -2122,27 +2193,28 @@ lookup_ssl_httpd (const char* domain) } for (hd = mhd_httpd_head; NULL != hd; hd = hd->next) if ( (NULL != hd->domain) && - (0 == strcmp (hd->domain, domain)) ) + (0 == strcmp (hd->domain, domain)) ) return hd; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Starting fresh MHD HTTPS instance for domain `%s'\n", - domain); + "Starting fresh MHD HTTPS instance for domain `%s'\n", + domain); pgc = generate_gns_certificate (domain); hd = GNUNET_new (struct MhdHttpList); hd->is_ssl = GNUNET_YES; hd->domain = GNUNET_strdup (domain); hd->proxy_cert = pgc; hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL | MHD_USE_NO_LISTEN_SOCKET, - 0, - NULL, NULL, - &create_response, hd, - MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16, - MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL, - MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL, + 0, + NULL, NULL, + &create_response, hd, + MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16, + MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL, + MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb, NULL, + MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL, MHD_OPTION_EXTERNAL_LOGGER, &mhd_error_log_callback, NULL, - MHD_OPTION_HTTPS_MEM_KEY, pgc->key, - MHD_OPTION_HTTPS_MEM_CERT, pgc->cert, - MHD_OPTION_END); + MHD_OPTION_HTTPS_MEM_KEY, pgc->key, + MHD_OPTION_HTTPS_MEM_CERT, pgc->cert, + MHD_OPTION_END); if (NULL == hd->daemon) { GNUNET_free (pgc); @@ -2150,8 +2222,8 @@ lookup_ssl_httpd (const char* domain) return NULL; } GNUNET_CONTAINER_DLL_insert (mhd_httpd_head, - mhd_httpd_tail, - hd); + mhd_httpd_tail, + hd); return hd; } 
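Review bot: `MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb` is added to the HTTPS daemon in lookup_ssl_httpd, and since mhd_completed_cb no longer calls cleanup_s5r, this callback is now the path that frees a `struct Socks5Request` when MHD closes its connection. The plain-HTTP daemon (`httpd`, which setup_data_transfer uses for every port other than HTTPS_PORT) is started outside the lines shown here. If it does not register the same option, its requests would stay on the `s5r_head` list after the connection is gone. Please confirm that both daemons register the callback.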
@@ -2191,22 +2263,22 @@ setup_data_transfer (struct Socks5Request *s5r) switch (s5r->port) { - case HTTPS_PORT: - hd = lookup_ssl_httpd (s5r->domain); - if (NULL == hd) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Failed to start HTTPS server for `%s'\n"), - s5r->domain); - cleanup_s5r (s5r); - return; - } - break; - case HTTP_PORT: - default: - GNUNET_assert (NULL != httpd); - hd = httpd; - break; + case HTTPS_PORT: + hd = lookup_ssl_httpd (s5r->domain); + if (NULL == hd) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Failed to start HTTPS server for `%s'\n"), + s5r->domain); + cleanup_s5r (s5r); + return; + } + break; + case HTTP_PORT: + default: + GNUNET_assert (NULL != httpd); + hd = httpd; + break; } fd = GNUNET_NETWORK_get_fd (s5r->sock); addr = GNUNET_NETWORK_get_addr (s5r->sock); @@ -2215,15 +2287,15 @@ setup_data_transfer (struct Socks5Request *s5r) if (MHD_YES != MHD_add_connection (hd->daemon, fd, addr, len)) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - _("Failed to pass client to MHD\n")); + _("Failed to pass client to MHD\n")); cleanup_s5r (s5r); return; } s5r->hd = hd; schedule_httpd (hd); s5r->timeout_task = GNUNET_SCHEDULER_add_delayed (HTTP_HANDSHAKE_TIMEOUT, - &timeout_s5r_handshake, - s5r); + &timeout_s5r_handshake, + s5r); } @@ -2243,8 +2315,8 @@ do_write (void *cls) s5r->wtask = NULL; len = GNUNET_NETWORK_socket_send (s5r->sock, - s5r->wbuf, - s5r->wbuf_len); + s5r->wbuf, + s5r->wbuf_len); if (len <= 0) { /* write error: connection closed, shutdown, etc.; just clean up */ @@ -2252,16 +2324,16 @@ do_write (void *cls) return; } memmove (s5r->wbuf, - &s5r->wbuf[len], - s5r->wbuf_len - len); + &s5r->wbuf[len], + s5r->wbuf_len - len); s5r->wbuf_len -= len; if (s5r->wbuf_len > 0) { /* not done writing */ s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, - s5r->sock, - &do_write, s5r); + s5r->sock, + &do_write, s5r); return; } 
@@ -2269,21 +2341,21 @@ do_write (void *cls) switch (s5r->state) { - case SOCKS5_INIT: - GNUNET_assert (0); - break; - case SOCKS5_REQUEST: - GNUNET_assert (NULL != s5r->rtask); - break; - case SOCKS5_DATA_TRANSFER: - setup_data_transfer (s5r); - return; - case SOCKS5_WRITE_THEN_CLEANUP: - cleanup_s5r (s5r); - return; - default: - GNUNET_break (0); - break; + case SOCKS5_INIT: + GNUNET_assert (0); + break; + case SOCKS5_REQUEST: + GNUNET_assert (NULL != s5r->rtask); + break; + case SOCKS5_DATA_TRANSFER: + setup_data_transfer (s5r); + return; + case SOCKS5_WRITE_THEN_CLEANUP: + cleanup_s5r (s5r); + return; + default: + GNUNET_break (0); + break; } } @@ -2296,7 +2368,7 @@ do_write (void *cls) */ static void signal_socks_failure (struct Socks5Request *s5r, - enum Socks5StatusCode sc) + enum Socks5StatusCode sc) { struct Socks5ServerResponseMessage *s_resp; @@ -2308,8 +2380,8 @@ signal_socks_failure (struct Socks5Request *s5r, if (NULL != s5r->wtask) s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, - s5r->sock, - &do_write, s5r); + s5r->sock, + &do_write, s5r); } @@ -2330,15 +2402,15 @@ signal_socks_success (struct Socks5Request *s5r) s_resp->addr_type = SOCKS5_AT_IPV4; /* zero out IPv4 address and port */ memset (&s_resp[1], - 0, - sizeof (struct in_addr) + sizeof (uint16_t)); + 0, + sizeof (struct in_addr) + sizeof (uint16_t)); s5r->wbuf_len += sizeof (struct Socks5ServerResponseMessage) + sizeof (struct in_addr) + sizeof (uint16_t); if (NULL == s5r->wtask) s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, - s5r->sock, - &do_write, s5r); + s5r->sock, + &do_write, s5r); } @@ -2351,8 +2423,8 @@ signal_socks_success (struct Socks5Request *s5r) */ static void handle_gns_result (void *cls, - uint32_t rd_count, - const struct GNUNET_GNSRECORD_Data *rd) + uint32_t rd_count, + const struct GNUNET_GNSRECORD_Data *rd) { struct Socks5Request *s5r = cls; uint32_t i; 
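Review bot: In signal_socks_failure the write task is scheduled under `if (NULL != s5r->wtask)`, the opposite of the `if (NULL == s5r->wtask)` guard used in signal_socks_success just below. As written, the failure reply is never scheduled when no write is pending, and an already pending task handle is overwritten when one is. This commit only re-indents these lines, so the condition predates it, but the new side still carries it; the fix is `if (NULL == s5r->wtask)`. The function body starts outside the hunk.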
@@ -2366,100 +2438,100 @@ handle_gns_result (void *cls, r = &rd[i]; switch (r->record_type) { - case GNUNET_DNSPARSER_TYPE_A: - { - struct sockaddr_in *in; - - if (sizeof (struct in_addr) != r->data_size) - { - GNUNET_break_op (0); - break; - } - if (GNUNET_YES == got_ip) - break; - if (GNUNET_OK != - GNUNET_NETWORK_test_pf (PF_INET)) - break; - got_ip = GNUNET_YES; - in = (struct sockaddr_in *) &s5r->destination_address; - in->sin_family = AF_INET; - GNUNET_memcpy (&in->sin_addr, - r->data, - r->data_size); - in->sin_port = htons (s5r->port); + case GNUNET_DNSPARSER_TYPE_A: + { + struct sockaddr_in *in; + + if (sizeof (struct in_addr) != r->data_size) + { + GNUNET_break_op (0); + break; + } + if (GNUNET_YES == got_ip) + break; + if (GNUNET_OK != + GNUNET_NETWORK_test_pf (PF_INET)) + break; + got_ip = GNUNET_YES; + in = (struct sockaddr_in *) &s5r->destination_address; + in->sin_family = AF_INET; + GNUNET_memcpy (&in->sin_addr, + r->data, + r->data_size); + in->sin_port = htons (s5r->port); #if HAVE_SOCKADDR_IN_SIN_LEN - in->sin_len = sizeof (*in); + in->sin_len = sizeof (*in); #endif - } - break; - case GNUNET_DNSPARSER_TYPE_AAAA: - { - struct sockaddr_in6 *in; - - if (sizeof (struct in6_addr) != r->data_size) - { - GNUNET_break_op (0); - break; - } - if (GNUNET_YES == got_ip) - break; - if (GNUNET_OK != - GNUNET_NETWORK_test_pf (PF_INET)) - break; - /* FIXME: allow user to disable IPv6 per configuration option... */ - got_ip = GNUNET_YES; - in = (struct sockaddr_in6 *) &s5r->destination_address; - in->sin6_family = AF_INET6; - GNUNET_memcpy (&in->sin6_addr, - r->data, - r->data_size); - in->sin6_port = htons (s5r->port); + } + break; + case GNUNET_DNSPARSER_TYPE_AAAA: + { + struct sockaddr_in6 *in; + + if (sizeof (struct in6_addr) != r->data_size) + { + GNUNET_break_op (0); + break; + } + if (GNUNET_YES == got_ip) + break; + if (GNUNET_OK != + GNUNET_NETWORK_test_pf (PF_INET)) + break; + /* FIXME: allow user to disable IPv6 per configuration option... 
*/ + got_ip = GNUNET_YES; + in = (struct sockaddr_in6 *) &s5r->destination_address; + in->sin6_family = AF_INET6; + GNUNET_memcpy (&in->sin6_addr, + r->data, + r->data_size); + in->sin6_port = htons (s5r->port); #if HAVE_SOCKADDR_IN_SIN_LEN - in->sin6_len = sizeof (*in); + in->sin6_len = sizeof (*in); #endif - } - break; - case GNUNET_GNSRECORD_TYPE_VPN: - GNUNET_break (0); /* should have been translated within GNS */ - break; - case GNUNET_GNSRECORD_TYPE_LEHO: - GNUNET_free_non_null (s5r->leho); - s5r->leho = GNUNET_strndup (r->data, - r->data_size); - break; - case GNUNET_GNSRECORD_TYPE_BOX: - { - const struct GNUNET_GNSRECORD_BoxRecord *box; - - if (r->data_size < sizeof (struct GNUNET_GNSRECORD_BoxRecord)) + } + break; + case GNUNET_GNSRECORD_TYPE_VPN: + GNUNET_break (0); /* should have been translated within GNS */ + break; + case GNUNET_GNSRECORD_TYPE_LEHO: + GNUNET_free_non_null (s5r->leho); + s5r->leho = GNUNET_strndup (r->data, + r->data_size); + break; + case GNUNET_GNSRECORD_TYPE_BOX: { - GNUNET_break_op (0); + const struct GNUNET_GNSRECORD_BoxRecord *box; + + if (r->data_size < sizeof (struct GNUNET_GNSRECORD_BoxRecord)) + { + GNUNET_break_op (0); + break; + } + box = r->data; + if ( (ntohl (box->record_type) != GNUNET_DNSPARSER_TYPE_TLSA) || + (ntohs (box->protocol) != IPPROTO_TCP) || + (ntohs (box->service) != s5r->port) ) + break; /* BOX record does not apply */ + GNUNET_free_non_null (s5r->dane_data); + s5r->dane_data_len = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord); + s5r->dane_data = GNUNET_malloc (s5r->dane_data_len); + GNUNET_memcpy (s5r->dane_data, + &box[1], + s5r->dane_data_len); break; } - box = r->data; - if ( (ntohl (box->record_type) != GNUNET_DNSPARSER_TYPE_TLSA) || - (ntohs (box->protocol) != IPPROTO_TCP) || - (ntohs (box->service) != s5r->port) ) - break; /* BOX record does not apply */ - GNUNET_free_non_null (s5r->dane_data); - s5r->dane_data_len = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord); - 
s5r->dane_data = GNUNET_malloc (s5r->dane_data_len); - GNUNET_memcpy (s5r->dane_data, - &box[1], - s5r->dane_data_len); + default: + /* don't care */ break; - } - default: - /* don't care */ - break; } } if (GNUNET_YES != got_ip) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Name resolution failed to yield useful IP address.\n"); + "Name resolution failed to yield useful IP address.\n"); signal_socks_failure (s5r, - SOCKS5_STATUS_GENERAL_FAILURE); + SOCKS5_STATUS_GENERAL_FAILURE); return; } s5r->state = SOCKS5_DATA_TRANSFER; @@ -2475,12 +2547,12 @@ handle_gns_result (void *cls, */ static void clear_from_s5r_rbuf (struct Socks5Request *s5r, - size_t len) + size_t len) { GNUNET_assert (len <= s5r->rbuf_len); memmove (s5r->rbuf, - &s5r->rbuf[len], - s5r->rbuf_len - len); + &s5r->rbuf[len], + s5r->rbuf_len - len); s5r->rbuf_len -= len; } 
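Review bot: The `GNUNET_DNSPARSER_TYPE_AAAA` case in handle_gns_result checks `GNUNET_NETWORK_test_pf (PF_INET)` before accepting an IPv6 address, which looks like a copy of the A-record case above it. On a host with IPv4 but no IPv6 support the record would be accepted and the later connection attempt would fail, and on an IPv6-only host a usable record would be skipped. The check should read `GNUNET_NETWORK_test_pf (PF_INET6)`. The lines are only re-indented by this commit, so the defect is carried over unchanged.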
@@ -2507,196 +2579,196 @@ do_s5r_read (void *cls) (GNUNET_NETWORK_fdset_isset (tc->read_ready, s5r->sock)) ) { rlen = GNUNET_NETWORK_socket_recv (s5r->sock, - &s5r->rbuf[s5r->rbuf_len], - sizeof (s5r->rbuf) - s5r->rbuf_len); + &s5r->rbuf[s5r->rbuf_len], + sizeof (s5r->rbuf) - s5r->rbuf_len); if (rlen <= 0) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "socks5 client disconnected.\n"); + "socks5 client disconnected.\n"); cleanup_s5r (s5r); return; } s5r->rbuf_len += rlen; } s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, - s5r->sock, - &do_s5r_read, s5r); + s5r->sock, + &do_s5r_read, s5r); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Processing %zu bytes of socks data in state %d\n", - s5r->rbuf_len, - s5r->state); + "Processing %zu bytes of socks data in state %d\n", + s5r->rbuf_len, + s5r->state); switch (s5r->state) { - case SOCKS5_INIT: - c_hello = (const struct Socks5ClientHelloMessage*) &s5r->rbuf; - if ( (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage)) || - (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods) ) - return; /* need more data */ - if (SOCKS_VERSION_5 != c_hello->version) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Unsupported socks version %d\n"), - (int) c_hello->version); - cleanup_s5r (s5r); - return; - } - clear_from_s5r_rbuf (s5r, - sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods); - GNUNET_assert (0 == s5r->wbuf_len); - s_hello = (struct Socks5ServerHelloMessage *) &s5r->wbuf; - s5r->wbuf_len = sizeof (struct Socks5ServerHelloMessage); - s_hello->version = SOCKS_VERSION_5; - s_hello->auth_method = SOCKS_AUTH_NONE; - GNUNET_assert (NULL == s5r->wtask); - s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, - s5r->sock, - &do_write, s5r); - s5r->state = SOCKS5_REQUEST; - return; - case SOCKS5_REQUEST: - c_req = (const struct Socks5ClientRequestMessage *) &s5r->rbuf; - if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage)) - 
return; - switch (c_req->command) - { - case SOCKS5_CMD_TCP_STREAM: - /* handled below */ - break; - default: - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Unsupported socks command %d\n"), - (int) c_req->command); - signal_socks_failure (s5r, - SOCKS5_STATUS_COMMAND_NOT_SUPPORTED); + case SOCKS5_INIT: + c_hello = (const struct Socks5ClientHelloMessage*) &s5r->rbuf; + if ( (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage)) || + (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods) ) + return; /* need more data */ + if (SOCKS_VERSION_5 != c_hello->version) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Unsupported socks version %d\n"), + (int) c_hello->version); + cleanup_s5r (s5r); + return; + } + clear_from_s5r_rbuf (s5r, + sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods); + GNUNET_assert (0 == s5r->wbuf_len); + s_hello = (struct Socks5ServerHelloMessage *) &s5r->wbuf; + s5r->wbuf_len = sizeof (struct Socks5ServerHelloMessage); + s_hello->version = SOCKS_VERSION_5; + s_hello->auth_method = SOCKS_AUTH_NONE; + GNUNET_assert (NULL == s5r->wtask); + s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, + s5r->sock, + &do_write, s5r); + s5r->state = SOCKS5_REQUEST; return; - } - switch (c_req->addr_type) - { - case SOCKS5_AT_IPV4: + case SOCKS5_REQUEST: + c_req = (const struct Socks5ClientRequestMessage *) &s5r->rbuf; + if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage)) + return; + switch (c_req->command) { - const struct in_addr *v4 = (const struct in_addr *) &c_req[1]; - const uint16_t *port = (const uint16_t *) &v4[1]; - struct sockaddr_in *in; - - s5r->port = ntohs (*port); - if (HTTPS_PORT == s5r->port) - { + case SOCKS5_CMD_TCP_STREAM: + /* handled below */ + break; + default: GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("SSL connection to plain IPv4 address requested\n")); + _("Unsupported socks command %d\n"), + (int) c_req->command); signal_socks_failure (s5r, - 
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE); + SOCKS5_STATUS_COMMAND_NOT_SUPPORTED); return; - } - alen = sizeof (struct in_addr); - if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + - alen + sizeof (uint16_t)) - return; /* need more data */ - in = (struct sockaddr_in *) &s5r->destination_address; - in->sin_family = AF_INET; - in->sin_addr = *v4; - in->sin_port = *port; -#if HAVE_SOCKADDR_IN_SIN_LEN - in->sin_len = sizeof (*in); -#endif - s5r->state = SOCKS5_DATA_TRANSFER; } - break; - case SOCKS5_AT_IPV6: + switch (c_req->addr_type) { - const struct in6_addr *v6 = (const struct in6_addr *) &c_req[1]; - const uint16_t *port = (const uint16_t *) &v6[1]; - struct sockaddr_in6 *in; - - s5r->port = ntohs (*port); - if (HTTPS_PORT == s5r->port) - { + case SOCKS5_AT_IPV4: + { + const struct in_addr *v4 = (const struct in_addr *) &c_req[1]; + const uint16_t *port = (const uint16_t *) &v4[1]; + struct sockaddr_in *in; + + s5r->port = ntohs (*port); + if (HTTPS_PORT == s5r->port) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("SSL connection to plain IPv4 address requested\n")); + signal_socks_failure (s5r, + SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE); + return; + } + alen = sizeof (struct in_addr); + if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + + alen + sizeof (uint16_t)) + return; /* need more data */ + in = (struct sockaddr_in *) &s5r->destination_address; + in->sin_family = AF_INET; + in->sin_addr = *v4; + in->sin_port = *port; +#if HAVE_SOCKADDR_IN_SIN_LEN + in->sin_len = sizeof (*in); +#endif + s5r->state = SOCKS5_DATA_TRANSFER; + } + break; + case SOCKS5_AT_IPV6: + { + const struct in6_addr *v6 = (const struct in6_addr *) &c_req[1]; + const uint16_t *port = (const uint16_t *) &v6[1]; + struct sockaddr_in6 *in; + + s5r->port = ntohs (*port); + if (HTTPS_PORT == s5r->port) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("SSL connection to plain IPv4 address requested\n")); + signal_socks_failure (s5r, + 
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE); + return; + } + alen = sizeof (struct in6_addr); + if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + + alen + sizeof (uint16_t)) + return; /* need more data */ + in = (struct sockaddr_in6 *) &s5r->destination_address; + in->sin6_family = AF_INET6; + in->sin6_addr = *v6; + in->sin6_port = *port; +#if HAVE_SOCKADDR_IN_SIN_LEN + in->sin6_len = sizeof (*in); +#endif + s5r->state = SOCKS5_DATA_TRANSFER; + } + break; + case SOCKS5_AT_DOMAINNAME: + { + const uint8_t *dom_len; + const char *dom_name; + const uint16_t *port; + + dom_len = (const uint8_t *) &c_req[1]; + alen = *dom_len + 1; + if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + + alen + sizeof (uint16_t)) + return; /* need more data */ + dom_name = (const char *) &dom_len[1]; + port = (const uint16_t*) &dom_name[*dom_len]; + s5r->domain = GNUNET_strndup (dom_name, *dom_len); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Requested connection is to %s:%d\n", + s5r->domain, + ntohs (*port)); + s5r->state = SOCKS5_RESOLVING; + s5r->port = ntohs (*port); + s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle, + s5r->domain, + &local_gns_zone, + GNUNET_DNSPARSER_TYPE_A, + GNUNET_NO /* only cached */, + (GNUNET_YES == do_shorten) ? 
&local_shorten_zone : NULL, + &handle_gns_result, + s5r); + break; + } + default: GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("SSL connection to plain IPv4 address requested\n")); + _("Unsupported socks address type %d\n"), + (int) c_req->addr_type); signal_socks_failure (s5r, - SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE); + SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED); return; - } - alen = sizeof (struct in6_addr); - if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + - alen + sizeof (uint16_t)) - return; /* need more data */ - in = (struct sockaddr_in6 *) &s5r->destination_address; - in->sin6_family = AF_INET6; - in->sin6_addr = *v6; - in->sin6_port = *port; -#if HAVE_SOCKADDR_IN_SIN_LEN - in->sin6_len = sizeof (*in); -#endif - s5r->state = SOCKS5_DATA_TRANSFER; } - break; - case SOCKS5_AT_DOMAINNAME: + clear_from_s5r_rbuf (s5r, + sizeof (struct Socks5ClientRequestMessage) + + alen + sizeof (uint16_t)); + if (0 != s5r->rbuf_len) { - const uint8_t *dom_len; - const char *dom_name; - const uint16_t *port; - - dom_len = (const uint8_t *) &c_req[1]; - alen = *dom_len + 1; - if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) + - alen + sizeof (uint16_t)) - return; /* need more data */ - dom_name = (const char *) &dom_len[1]; - port = (const uint16_t*) &dom_name[*dom_len]; - s5r->domain = GNUNET_strndup (dom_name, *dom_len); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Requested connection is to %s:%d\n", - s5r->domain, - ntohs (*port)); - s5r->state = SOCKS5_RESOLVING; - s5r->port = ntohs (*port); - s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle, - s5r->domain, - &local_gns_zone, - GNUNET_DNSPARSER_TYPE_A, - GNUNET_NO /* only cached */, - (GNUNET_YES == do_shorten) ? &local_shorten_zone : NULL, - &handle_gns_result, - s5r); - break; + /* read more bytes than healthy, why did the client send more!? 
*/ + GNUNET_break_op (0); + signal_socks_failure (s5r, + SOCKS5_STATUS_GENERAL_FAILURE); + return; } - default: - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Unsupported socks address type %d\n"), - (int) c_req->addr_type); - signal_socks_failure (s5r, - SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED); + if (SOCKS5_DATA_TRANSFER == s5r->state) + { + /* if we are not waiting for GNS resolution, signal success */ + signal_socks_success (s5r); + } + /* We are done reading right now */ + GNUNET_SCHEDULER_cancel (s5r->rtask); + s5r->rtask = NULL; return; - } - clear_from_s5r_rbuf (s5r, - sizeof (struct Socks5ClientRequestMessage) + - alen + sizeof (uint16_t)); - if (0 != s5r->rbuf_len) - { - /* read more bytes than healthy, why did the client send more!? */ - GNUNET_break_op (0); - signal_socks_failure (s5r, - SOCKS5_STATUS_GENERAL_FAILURE); + case SOCKS5_RESOLVING: + GNUNET_assert (0); + return; + case SOCKS5_DATA_TRANSFER: + GNUNET_assert (0); + return; + default: + GNUNET_assert (0); return; - } - if (SOCKS5_DATA_TRANSFER == s5r->state) - { - /* if we are not waiting for GNS resolution, signal success */ - signal_socks_success (s5r); - } - /* We are done reading right now */ - GNUNET_SCHEDULER_cancel (s5r->rtask); - s5r->rtask = NULL; - return; - case SOCKS5_RESOLVING: - GNUNET_assert (0); - return; - case SOCKS5_DATA_TRANSFER: - GNUNET_assert (0); - return; - default: - GNUNET_assert (0); - return; } } @@ -2736,8 +2808,8 @@ do_accept (void *cls) "Got an inbound connection, waiting for data\n"); s5r = GNUNET_new (struct Socks5Request); GNUNET_CONTAINER_DLL_insert (s5r_head, - s5r_tail, - s5r); + s5r_tail, + s5r); s5r->sock = s; s5r->state = SOCKS5_INIT; s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, @@ -2839,7 +2911,7 @@ bind_v4 () return NULL; if (GNUNET_OK != GNUNET_NETWORK_socket_bind (ls, (const struct sockaddr *) &sa4, - sizeof (sa4))) + sizeof (sa4))) { eno = errno; GNUNET_NETWORK_socket_close (ls); 
@@ -2875,7 +2947,7 @@ bind_v6 () return NULL; if (GNUNET_OK != GNUNET_NETWORK_socket_bind (ls, (const struct sockaddr *) &sa6, - sizeof (sa6))) + sizeof (sa6))) { eno = errno; GNUNET_NETWORK_socket_close (ls); @@ -2949,13 +3021,14 @@ run_cont () /* start MHD daemon for HTTP */ hd = GNUNET_new (struct MhdHttpList); hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_NO_LISTEN_SOCKET, - 0, - NULL, NULL, - &create_response, hd, - MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16, - MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL, - MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL, - MHD_OPTION_END); + 0, + NULL, NULL, + &create_response, hd, + MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16, + MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL, + MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb, NULL, + MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL, + MHD_OPTION_END); if (NULL == hd->daemon) { GNUNET_free (hd); @@ -2988,15 +3061,15 @@ run_cont () */ static void identity_shorten_cb (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *name) + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *name) { id_op = NULL; if (NULL == ego) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - _("No ego configured for `shorten-zone`\n")); + _("No ego configured for `shorten-zone`\n")); } else { 
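Review bot: In the `run_cont` hunk (`@@ -2949,13 +3021,14 @@`), the bare `(unsigned int) 16` passed with `MHD_OPTION_CONNECTION_TIMEOUT` is an unexplained magic number. If connections are now kept open across requests, as the commit subject says, it becomes the bound on how long an idle client can hold a connection and the proxy state attached to it. I would name it and document the unit, e.g. `#define MHD_IDLE_TIMEOUT_S 16 /* seconds before MHD closes an idle kept-alive connection */` (the name is only a suggestion), and pass `(unsigned int) MHD_IDLE_TIMEOUT_S`. The added `MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb, NULL,` line also deserves a one-line comment saying what the callback does when a connection starts and closes; it is defined outside this hunk, so whether it releases the per-connection state on close cannot be confirmed from here. `run_cont`'s body starts and ends outside the hunk.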
@@ -3028,25 +3101,25 @@ identity_shorten_cb (void *cls, */ static void identity_master_cb (void *cls, - struct GNUNET_IDENTITY_Ego *ego, - void **ctx, - const char *name) + struct GNUNET_IDENTITY_Ego *ego, + void **ctx, + const char *name) { id_op = NULL; if (NULL == ego) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("No ego configured for `%s`\n"), - "gns-proxy"); + _("No ego configured for `%s`\n"), + "gns-proxy"); GNUNET_SCHEDULER_shutdown (); return; } GNUNET_IDENTITY_ego_get_public_key (ego, - &local_gns_zone); + &local_gns_zone); id_op = GNUNET_IDENTITY_get (identity, - "gns-short", - &identity_shorten_cb, - NULL); + "gns-short", + &identity_shorten_cb, + NULL); } @@ -3077,12 +3150,12 @@ run (void *cls, char *const *args, const char *cfgfile, if (NULL == cafile) { if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy", - "PROXY_CACERT", - &cafile_cfg)) + "PROXY_CACERT", + &cafile_cfg)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "gns-proxy", - "PROXY_CACERT"); + "gns-proxy", + "PROXY_CACERT"); return; } cafile = cafile_cfg; @@ -3098,8 +3171,8 @@ run (void *cls, char *const *args, const char *cfgfile, (GNUNET_OK != load_key_from_file (proxy_ca.key, cafile)) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - _("Failed to load SSL/TLS key and certificate from `%s'\n"), - cafile); + _("Failed to load SSL/TLS key and certificate from `%s'\n"), + cafile); gnutls_x509_crt_deinit (proxy_ca.cert); gnutls_x509_privkey_deinit (proxy_ca.key); gnutls_global_deinit (); @@ -3117,11 +3190,11 @@ run (void *cls, char *const *args, const char *cfgfile, return; } identity = GNUNET_IDENTITY_connect (cfg, - NULL, NULL); + NULL, NULL); id_op = GNUNET_IDENTITY_get (identity, - "gns-proxy", - &identity_master_cb, - NULL); + "gns-proxy", + &identity_master_cb, + NULL); GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); } 
@@ -3138,8 +3211,8 @@ main (int argc, char *const *argv) { static const struct GNUNET_GETOPT_CommandLineOption options[] = { {'p', "port", NULL, - gettext_noop ("listen on specified port (default: 7777)"), 1, - &GNUNET_GETOPT_set_ulong, &port}, + gettext_noop ("listen on specified port (default: 7777)"), 1, + &GNUNET_GETOPT_set_ulong, &port}, {'a', "authority", NULL, gettext_noop ("pem file to use as CA"), 1, &GNUNET_GETOPT_set_string, &cafile_opt}, @@ -3154,15 +3227,15 @@ main (int argc, char *const *argv) return 2; GNUNET_log_setup ("gnunet-gns-proxy", "WARNING", NULL); curl_failure_response = MHD_create_response_from_buffer (strlen (page), - (void*)page, - MHD_RESPMEM_PERSISTENT); + (void*)page, + MHD_RESPMEM_PERSISTENT); ret = - (GNUNET_OK == - GNUNET_PROGRAM_run (argc, argv, "gnunet-gns-proxy", - _("GNUnet GNS proxy"), - options, - &run, NULL)) ? 0 : 1; + (GNUNET_OK == + GNUNET_PROGRAM_run (argc, argv, "gnunet-gns-proxy", + _("GNUnet GNS proxy"), + options, + &run, NULL)) ? 0 : 1; MHD_destroy_response (curl_failure_response); GNUNET_free_non_null ((char *) argv); GNUNET_CRYPTO_ecdsa_key_clear (&local_shorten_zone); -- 2.25.1