-rw-r--r-- | dtls.c | 15 | ||||
-rw-r--r-- | dtls.h | 1 | ||||
-rw-r--r-- | radsecproxy.c | 42 | ||||
-rw-r--r-- | radsecproxy.h | 4 | ||||
-rw-r--r-- | tcp.c | 9 | ||||
-rw-r--r-- | tcp.h | 1 | ||||
-rw-r--r-- | tls.c | 9 | ||||
-rw-r--r-- | tls.h | 1 | ||||
-rw-r--r-- | udp.c | 16 | ||||
-rw-r--r-- | udp.h | 1 |
10 files changed, 67 insertions, 32 deletions
@@ -35,6 +35,7 @@ static int client4_sock = -1; static int client6_sock = -1; +static struct addrinfo *srcres = NULL; struct sessioncacheentry { pthread_mutex_t mutex; @@ -48,6 +49,11 @@ struct dtlsservernewparams { struct sockaddr_storage addr; }; +void dtlssetsrcres(char *source) { + if (!srcres) + srcres = resolve_hostport_addrinfo(RAD_DTLS, source); +} + int udp2bio(int s, struct queue *q, int cnt) { unsigned char *buf; BIO *rbio; @@ -613,7 +619,7 @@ void addserverextradtls(struct clsrvconf *conf) { switch (conf->addrinfo->ai_family) { case AF_INET: if (client4_sock < 0) { - client4_sock = bindtoaddr(getsrcprotores(RAD_DTLS), AF_INET, 0, 1); + client4_sock = bindtoaddr(srcres, AF_INET, 0, 1); if (client4_sock < 0) debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->host); } @@ -621,7 +627,7 @@ void addserverextradtls(struct clsrvconf *conf) { break; case AF_INET6: if (client6_sock < 0) { - client6_sock = bindtoaddr(getsrcprotores(RAD_DTLS), AF_INET6, 0, 1); + client6_sock = bindtoaddr(srcres, AF_INET6, 0, 1); if (client6_sock < 0) debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->host); } @@ -634,6 +640,11 @@ void addserverextradtls(struct clsrvconf *conf) { void initextradtls() { pthread_t cl4th, cl6th; + + if (srcres) { + freeaddrinfo(srcres); + srcres = NULL; + } if (client4_sock >= 0) if (pthread_create(&cl4th, NULL, udpdtlsclientrd, (void *)&client4_sock)) @@ -6,6 +6,7 @@ * copyright notice and this permission notice appear in all copies. */ +void dtlssetsrcres(char *source); void *udpdtlsserverrd(void *arg); int dtlsconnect(struct server *server, struct timeval *when, int timeout, char *text); void *dtlsclientrd(void *arg); diff --git a/radsecproxy.c b/radsecproxy.c index 90f8bc7..8b1efa6 100644 --- a/radsecproxy.c +++ b/radsecproxy.c 
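Review bot: `dtlssetsrcres` only resolves when the file-scope `srcres` is NULL, and the added block in `initextradtls` frees that pointer and resets it to NULL before the client threads are started, so a later `addserver` call will resolve the source address a second time and that second list is never released (nothing after `initextradtls` frees it); the `main` loop in the next file skips servers with `dynamiclookupcommand`, which suggests such servers are indeed added after init. The check-then-assign on `srcres` is also unsynchronized, so concurrent late callers could each resolve and overwrite. The removed `srcprotores[]` code had the same shape, so this is not a regression, but the lifetime deserves a comment at the definition: `/* source address for the DTLS client sockets; resolved once from addserver, freed in initextradtls; callers after init re-resolve and keep the result */`. `udp2bio`, `addserverextradtls` and `initextradtls` all extend beyond their hunks.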
@@ -82,8 +82,6 @@ static struct list *clconfs, *srvconfs; struct list *realms; struct hash *tlsconfs, *rewriteconfs; -static struct addrinfo *srcprotores[RAD_PROTOCOUNT]; - static pthread_mutex_t *ssl_locks = NULL; static long *ssl_lock_count; extern int optind; @@ -115,7 +113,7 @@ static const struct protodefs protodefs[] = { clientradputudp, /* clientradput */ addclientudp, /* addclient */ addserverextraudp, /* addserverextra */ - 1, /* freesrcprotores */ + udpsetsrcres, /* setsrcres */ initextraudp /* initextra */ }, { "tls", /* TLS, assuming RAD_TLS defined as 1 */ @@ -133,7 +131,7 @@ static const struct protodefs protodefs[] = { clientradputtls, /* clientradput */ NULL, /* addclient */ NULL, /* addserverextra */ - 0, /* freesrcprotores */ + tlssetsrcres, /* setsrcres */ NULL /* initextra */ }, { "tcp", /* TCP, assuming RAD_TCP defined as 2 */ @@ -151,7 +149,7 @@ static const struct protodefs protodefs[] = { clientradputtcp, /* clientradput */ NULL, /* addclient */ NULL, /* addserverextra */ - 0, /* freesrcprotores */ + tcpsetsrcres, /* setsrcres */ NULL /* initextra */ }, { "dtls", /* DTLS, assuming RAD_DTLS defined as 3 */ @@ -169,10 +167,10 @@ static const struct protodefs protodefs[] = { clientradputdtls, /* clientradput */ NULL, /* addclient */ addserverextradtls, /* addserverextra */ - 1, /* freesrcprotores */ + dtlssetsrcres, /* setsrcres */ initextradtls /* initextra */ }, - { NULL, NULL, 0, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL + { NULL, NULL, 0, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } }; @@ -258,10 +256,6 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx) { return ok; } -struct addrinfo *getsrcprotores(uint8_t type) { - return srcprotores[type]; -} - int resolvepeer(struct clsrvconf *conf, int ai_flags) { struct addrinfo hints, *addrinfo, *res; char *slash, *s; 
@@ -400,6 +394,17 @@ void freeclsrvres(struct clsrvconf *res) { free(res); } +struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport) { + struct addrinfo *ai; + struct clsrvconf *res; + + res = resolve_hostport(type, hostport, NULL); + ai = res->addrinfo; + res->addrinfo = NULL; + freeclsrvres(res); + return ai; +} + /* returns 1 if the len first bits are equal, else 0 */ int prefixmatch(void *a1, void *a2, uint8_t len) { static uint8_t mask[] = { 0, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; @@ -643,7 +648,6 @@ void freeserver(struct server *server, uint8_t destroymutex) { } int addserver(struct clsrvconf *conf) { - struct clsrvconf *res; uint8_t type; int i; @@ -662,13 +666,8 @@ int addserver(struct clsrvconf *conf) { type = conf->type; if (type == RAD_DTLS) conf->servers->rbios = newqueue(); - - if (!srcprotores[type]) { - res = resolve_hostport(type, options.sourcearg[type], NULL); - srcprotores[type] = res->addrinfo; - res->addrinfo = NULL; - freeclsrvres(res); - } + + conf->pdef->setsrcres(options.sourcearg[type]); conf->servers->sock = -1; if (conf->pdef->addserverextra) @@ -3839,7 +3838,6 @@ int main(int argc, char **argv) { pthread_sigmask(SIG_BLOCK, &sigset, NULL); pthread_create(&sigth, NULL, sighandler, NULL); - memset(srcprotores, 0, sizeof(srcprotores)); for (entry = list_first(srvconfs); entry; entry = list_next(entry)) { srvconf = (struct clsrvconf *)entry->data; if (srvconf->dynamiclookupcommand) @@ -3852,10 +3850,6 @@ int main(int argc, char **argv) { } for (i = 0; protodefs[i].name; i++) { - if (protodefs[i].freesrcprotores && srcprotores[i]) { - freeaddrinfo(srcprotores[i]); - srcprotores[i] = NULL; - } if (protodefs[i].initextra) protodefs[i].initextra(); if (find_clconf_type(i, NULL)) diff --git a/radsecproxy.h b/radsecproxy.h index fd48964..7a83402 100644 --- a/radsecproxy.h +++ b/radsecproxy.h 
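Review bot: `resolve_hostport_addrinfo` dereferences `res` straight after `resolve_hostport()` with no NULL check; the removed `addserver` lines did the same, and `resolve_hostport` may well exit through `debugx` on failure rather than return NULL (its body is not in the diff), but the new helper is the single place that now encodes that assumption for all four transports. A guard `if (!res) return NULL;` makes the contract explicit at no cost, and a header comment should state the ownership transfer, since the addrinfo is detached from a temporary `clsrvconf` that is freed immediately: `/* Resolves hostport for the given transport and returns the addrinfo list alone; the caller owns it and must release it with freeaddrinfo(). */`.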
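Review bot: `addserver` calls `conf->pdef->setsrcres(options.sourcearg[type])` unconditionally, whereas the neighbouring `addserverextra` (two lines below in the hunk) and `initextra` (in the `main` hunk) are NULL-checked before use. All four real `protodefs` rows in the previous file populate the slot and only the terminator row carries NULL, so this works today, but a future transport without a source resolver would fault here rather than be skipped like the other optional callbacks. Suggest `if (conf->pdef->setsrcres) conf->pdef->setsrcres(options.sourcearg[type]);` for consistency. `addserver`'s body continues on both sides of the hunk.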
@@ -194,7 +194,7 @@ struct protodefs { int (*clientradput)(struct server *, unsigned char *); void (*addclient)(struct client *); void (*addserverextra)(struct clsrvconf *); - uint8_t freesrcprotores; + void (*setsrcres)(char *source); void (*initextra)(); }; @@ -205,7 +205,6 @@ struct protodefs { #define ATTRVAL(x) ((x) + 2) #define ATTRVALLEN(x) ((x)[1] - 2) -struct addrinfo *getsrcprotores(uint8_t type); struct clsrvconf *find_clconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); struct clsrvconf *find_srvconf(uint8_t type, struct sockaddr *addr, struct list_node **cur); struct clsrvconf *find_clconf_type(uint8_t type, struct list_node **cur); @@ -221,3 +220,4 @@ X509 *verifytlscert(SSL *ssl); int verifyconfcert(X509 *cert, struct clsrvconf *conf); void replyh(struct server *server, unsigned char *buf); SSL_CTX *tlsgetctx(uint8_t type, struct tls *t); +struct addrinfo *resolve_hostport_addrinfo(uint8_t type, char *hostport); @@ -31,6 +31,13 @@ #include "radsecproxy.h" #include "tcp.h" +static struct addrinfo *srcres = NULL; + +void tcpsetsrcres(char *source) { + if (!srcres) + srcres = resolve_hostport_addrinfo(RAD_TCP, source); +} + int tcpconnect(struct server *server, struct timeval *when, int timeout, char *text) { struct timeval now; time_t elapsed; @@ -70,7 +77,7 @@ int tcpconnect(struct server *server, struct timeval *when, int timeout, char *t debug(DBG_WARN, "tcpconnect: trying to open TCP connection to %s port %s", server->conf->host, server->conf->port); if (server->sock >= 0) close(server->sock); - if ((server->sock = connecttcp(server->conf->addrinfo, getsrcprotores(RAD_TCP))) >= 0) + if ((server->sock = connecttcp(server->conf->addrinfo, srcres)) >= 0) break; debug(DBG_ERR, "tcpconnect: connecttcp failed"); } 
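Review bot: The new `setsrcres` member of `struct protodefs` and the `resolve_hostport_addrinfo` prototype are added with no comment on their contract, so nothing tells an implementer that the callback is expected to be idempotent (every implementation in this commit guards with `if (!srcres)`) or that it may be invoked again after the transport's `initextra` has run, nor who frees what the helper returns. Suggest `void (*setsrcres)(char *source); /* resolve the source address for outgoing connections; called from addserver, must tolerate repeated calls */` and, on the prototype, `/* returns a detached addrinfo list; caller frees with freeaddrinfo() */`. The surrounding struct definition starts before the hunk.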
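Review bot: `tcp.c`'s `srcres` is passed to `connecttcp` from `tcpconnect` on every reconnect attempt, yet unlike the UDP/DTLS variants nothing in this file ever frees it; that is correct given the reconnect use (the old table marked TCP/TLS with `freesrcprotores = 0`) but it is now an implicit convention split across files. A comment at the definition would prevent someone "fixing" the apparent leak: `/* source address for outgoing TCP connections; resolved once in tcpsetsrcres and kept for the process lifetime, since tcpconnect rebinds on every reconnect */`. The same applies to the identical `srcres` in `tls.c`. `tcpconnect` starts and ends outside the hunk, and whether it runs on a separate thread from the writer in `addserver` is not visible here.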
@@ -6,6 +6,7 @@ * copyright notice and this permission notice appear in all copies. */ +void tcpsetsrcres(char *source); int tcpconnect(struct server *server, struct timeval *when, int timeout, char *text); int clientradputtcp(struct server *server, unsigned char *rad); void *tcpclientrd(void *arg); @@ -32,6 +32,13 @@ #include "radsecproxy.h" #include "tls.h" +static struct addrinfo *srcres = NULL; + +void tlssetsrcres(char *source) { + if (!srcres) + srcres = resolve_hostport_addrinfo(RAD_TLS, source); +} + int tlsconnect(struct server *server, struct timeval *when, int timeout, char *text) { struct timeval now; time_t elapsed; @@ -76,7 +83,7 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->conf->host, server->conf->port); if (server->sock >= 0) close(server->sock); - if ((server->sock = connecttcp(server->conf->addrinfo, getsrcprotores(RAD_TLS))) < 0) { + if ((server->sock = connecttcp(server->conf->addrinfo, srcres)) < 0) { debug(DBG_ERR, "tlsconnect: connecttcp failed"); continue; } @@ -6,6 +6,7 @@ * copyright notice and this permission notice appear in all copies. */ +void tlssetsrcres(char *source); int tlsconnect(struct server *server, struct timeval *when, int timeout, char *text); int clientradputtls(struct server *server, unsigned char *rad); void *tlsclientrd(void *arg); @@ -35,6 +35,13 @@ static int client4_sock = -1; static int client6_sock = -1; static struct queue *server_replyq = NULL; +static struct addrinfo *srcres = NULL; + +void udpsetsrcres(char *source) { + if (!srcres) + srcres = resolve_hostport_addrinfo(RAD_UDP, source); +} + void removeudpclientfromreplyq(struct client *c) { struct list_node *n; struct request *r; 
@@ -244,7 +251,7 @@ void addserverextraudp(struct clsrvconf *conf) { switch (conf->addrinfo->ai_family) { case AF_INET: if (client4_sock < 0) { - client4_sock = bindtoaddr(getsrcprotores(RAD_UDP), AF_INET, 0, 1); + client4_sock = bindtoaddr(srcres, AF_INET, 0, 1); if (client4_sock < 0) debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->host); } @@ -252,7 +259,7 @@ void addserverextraudp(struct clsrvconf *conf) { break; case AF_INET6: if (client6_sock < 0) { - client6_sock = bindtoaddr(getsrcprotores(RAD_UDP), AF_INET6, 0, 1); + client6_sock = bindtoaddr(srcres, AF_INET6, 0, 1); if (client6_sock < 0) debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->host); } @@ -265,6 +272,11 @@ void addserverextraudp(struct clsrvconf *conf) { void initextraudp() { pthread_t cl4th, cl6th, srvth; + + if (srcres) { + freeaddrinfo(srcres); + srcres = NULL; + } if (client4_sock >= 0) if (pthread_create(&cl4th, NULL, udpclientrd, (void *)&client4_sock)) @@ -6,6 +6,7 @@ * copyright notice and this permission notice appear in all copies. */ +void udpsetsrcres(char *source); int clientradputudp(struct server *server, unsigned char *rad); void *udpclientrd(void *arg); void *udpserverrd(void *arg); |
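Review bot: The free-and-reset of `srcres` added to `initextraudp` runs before the client reader threads are created, which is the right ordering, but it relies on `addserverextraudp` having already bound `client4_sock`/`client6_sock` for every family that will be needed; a server of a new address family added after init would call `bindtoaddr` with whatever `udpsetsrcres` re-resolved at that point, which is then never freed. A short comment at the free makes the intent visible: `/* client sockets are bound by now; the resolved source address is no longer needed */`. `initextraudp` and `addserverextraudp` both continue past the hunks.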