diff --git a/ssld/ssld.c b/ssld/ssld.c index 42031a59..f6e49ccb 100644 --- a/ssld/ssld.c +++ b/ssld/ssld.c @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * - * $Id: ssld.c 25221 2008-04-09 22:12:16Z jilles $ + * $Id: ssld.c 25594 2008-06-25 14:58:47Z androsyn $ */ @@ -38,41 +38,34 @@ static void setup_signals(void); static inline rb_int32_t buf_to_int32(char *buf) { rb_int32_t x; - x = *buf << 24; - x |= *(++buf) << 16; - x |= *(++buf) << 8; - x |= *(++buf); + memcpy(&x, buf, sizeof(x)); return x; } static inline void int32_to_buf(char *buf, rb_int32_t x) { - *(buf) = x >> 24 & 0xFF; - *(++buf) = x >> 16 & 0xFF; - *(++buf) = x >> 8 & 0xFF; - *(++buf) = x & 0xFF; + memcpy(buf, &x, sizeof(x)); return; } static inline rb_uint16_t buf_to_uint16(char *buf) { rb_uint16_t x; - x = *(buf) << 8; - x |= *(++buf); + memcpy(&x, buf, sizeof(x)); return x; } static inline void uint16_to_buf(char *buf, rb_uint16_t x) { - *(buf) = x >> 8 & 0xFF; - *(++buf) = x & 0xFF; + memcpy(buf, &x, sizeof(x)); return; } - static char inbuf[READBUF_SIZE]; +#ifdef HAVE_LIBZ static char outbuf[READBUF_SIZE]; +#endif typedef struct _mod_ctl_buf { @@ -154,9 +147,13 @@ typedef struct _conn #define NO_WAIT 0x0 #define WAIT_PLAIN 0x1 +#define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head) +#define HASH_WALK_END } #define CONN_HASH_SIZE 2000 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)]) + + static rb_dlink_list connid_hash_table[CONN_HASH_SIZE]; static rb_dlink_list dead_list; @@ -173,6 +170,9 @@ static int zlib_ok = 1; #else static int zlib_ok = 0; #endif + + +#ifdef HAVE_LIBZ static void * ssld_alloc(void *unused, size_t count, size_t size) { @@ -184,6 +184,7 @@ ssld_free(void *unused, void *ptr) { rb_free(ptr); } +#endif static conn_t * conn_find_by_id(rb_int32_t id) @@ -212,12 +213,14 @@ free_conn(conn_t * conn) { rb_free_rawbuffer(conn->modbuf_out); rb_free_rawbuffer(conn->plainbuf_out); +#ifdef HAVE_LIBZ if(IsZip(conn)) { zlib_stream_t *stream = conn->stream; inflateEnd(&stream->instream); deflateEnd(&stream->outstream); } +#endif rb_free(conn); } @@ -287,6 +290,30 @@ make_conn(mod_ctl_t *ctl, rb_fde_t * mod_fd, rb_fde_t * plain_fd) return conn; } +static void +check_handshake_flood(void *unused) +{ + conn_t *conn; + rb_dlink_node *ptr, *next; + unsigned int count; + int i; + HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table) + { + conn = ptr->data; + if(!IsSSL(conn)) + continue; + + count = rb_ssl_handshake_count(conn->mod_fd); + /* nothing needs to do this more than twice in ten seconds i don't think */ + if(count > 2) + close_conn(conn, WAIT_PLAIN, "Handshake flooding"); + else + rb_ssl_clear_handshake_count(conn->mod_fd); + } + HASH_WALK_END + +} + static void conn_mod_write_sendq(rb_fde_t * fd, void *data) { @@ -1031,7 +1058,7 @@ main(int argc, char **argv) if(s_ctlfd == NULL || s_pipe == NULL) { fprintf(stderr, "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n"); - fprintf(stderr, "You get an Id tag for this: $Id: ssld.c 25221 2008-04-09 22:12:16Z jilles $\n"); + fprintf(stderr, "You get an Id tag for this: $Id: ssld.c 25594 2008-06-25 14:58:47Z androsyn $\n"); fprintf(stderr, "Have a nice life\n"); exit(1); } @@ -1070,6 +1097,7 @@ main(int argc, char **argv) rb_set_nb(mod_ctl->F); rb_set_nb(mod_ctl->F_pipe); rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10); + rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10); read_pipe_ctl(mod_ctl->F_pipe, NULL); mod_read_ctl(mod_ctl->F, mod_ctl); if(!zlib_ok && !ssl_ok)