Diffstat (limited to 'src')
-rw-r--r-- | src/exim_monitor/em_hdr.h | 1 | ||||
-rw-r--r-- | src/src/exim.h | 1 | ||||
-rw-r--r-- | src/src/functions.h | 4 | ||||
-rw-r--r-- | src/src/globals.c | 1 | ||||
-rw-r--r-- | src/src/globals.h | 1 | ||||
-rw-r--r-- | src/src/hash.h | 1 | ||||
-rw-r--r-- | src/src/ip.c | 30 | ||||
-rw-r--r-- | src/src/routers/iplookup.c | 3 | ||||
-rw-r--r-- | src/src/smtp_out.c | 35 | ||||
-rw-r--r-- | src/src/transports/appendfile.c | 2 | ||||
-rw-r--r-- | src/src/transports/smtp_socks.c | 16 | ||||
-rw-r--r-- | src/src/verify.c | 15 |
12 files changed, 74 insertions, 36 deletions
diff --git a/src/exim_monitor/em_hdr.h b/src/exim_monitor/em_hdr.h index a7e874a87..67294368a 100644 --- a/src/exim_monitor/em_hdr.h +++ b/src/exim_monitor/em_hdr.h @@ -100,6 +100,7 @@ typedef void hctx; #include "local_scan.h" #include "structs.h" +#include "blob.h" #include "globals.h" #include "dbstuff.h" #include "functions.h" diff --git a/src/src/exim.h b/src/src/exim.h index 4ca28130a..f8dd9a9ba 100644 --- a/src/src/exim.h +++ b/src/src/exim.h @@ -492,6 +492,7 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. #include "macros.h" #include "dbstuff.h" #include "structs.h" +#include "blob.h" #include "globals.h" #include "hash.h" #include "functions.h" diff --git a/src/src/functions.h b/src/src/functions.h index dd6c9810b..a96ffb69c 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -235,7 +235,7 @@ extern uschar *imap_utf7_encode(uschar *, const uschar *, extern void invert_address(uschar *, uschar *); extern int ip_addr(void *, int, const uschar *, int); extern int ip_bind(int, int, uschar *, int); -extern int ip_connect(int, int, const uschar *, int, int, BOOL); +extern int ip_connect(int, int, const uschar *, int, int, const blob *); extern int ip_connectedsocket(int, const uschar *, int, int, int, host_item *, uschar **); extern int ip_get_address_family(int); @@ -397,7 +397,7 @@ extern uschar *smtp_cmd_hist(void); extern int smtp_connect(host_item *, int, uschar *, int, transport_instance *); extern int smtp_sock_connect(host_item *, int, int, uschar *, - transport_instance * tb, int); + transport_instance * tb, int, const blob *); extern int smtp_feof(void); extern int smtp_ferror(void); extern uschar *smtp_get_connection_info(void); diff --git a/src/src/globals.c b/src/src/globals.c index 97debee58..57041fc4e 100644 --- a/src/src/globals.c +++ b/src/src/globals.c 
@@ -1417,6 +1417,7 @@ BOOL system_filter_uid_set = FALSE;
 BOOL system_filtering = FALSE;
 BOOL tcp_fastopen_ok = FALSE;
+blob tcp_fastopen_nodata = { .data = NULL, .len = 0 };
 BOOL tcp_in_fastopen = FALSE;
 BOOL tcp_in_fastopen_logged = FALSE;
 BOOL tcp_nodelay = TRUE;
diff --git a/src/src/globals.h b/src/src/globals.h
index 7578a1d82..2957587b0 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -922,6 +922,7 @@ extern BOOL system_filter_uid_set; /* TRUE if uid set */
 extern BOOL system_filtering; /* TRUE when running system filter */
 extern BOOL tcp_fastopen_ok; /* appears to be supported by kernel */
+extern blob tcp_fastopen_nodata; /* for zero-data TFO connect requests */
 extern BOOL tcp_in_fastopen; /* conn used fastopen */
 extern BOOL tcp_in_fastopen_logged; /* one-time logging */
 extern BOOL tcp_nodelay; /* Controls TCP_NODELAY on daemon */
diff --git a/src/src/hash.h b/src/src/hash.h
index b745e6218..337dc9910 100644
--- a/src/src/hash.h
+++ b/src/src/hash.h
@@ -12,7 +12,6 @@
 #define HASH_H
 #include "sha_ver.h"
-#include "blob.h"
 #ifdef SHA_OPENSSL
 # include <openssl/sha.h>
diff --git a/src/src/ip.c b/src/src/ip.c
index 08d32f21b..872745144 100644
--- a/src/src/ip.c
+++ b/src/src/ip.c
@@ -175,14 +175,15 @@ Arguments:
 address the remote address, in text form
 port the remote port
 timeout a timeout (zero for indefinite timeout)
- fastopen TRUE iff TCP_FASTOPEN can be used
+ fastopen non-null iff TCP_FASTOPEN can be used; may indicate early-data to
+ be sent in SYN segment
 Returns: 0 on success; -1 on failure, with errno set
 */
 int ip_connect(int sock, int af, const uschar *address, int port, int timeout,
- BOOL fastopen)
+ const blob * fastopen)
 {
 struct sockaddr_in s_in4;
 struct sockaddr *s_ptr;
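Review bot: The new `fastopen` argument comment on ip_connect() describes the early-data blob but not the property a caller must guarantee: bytes handed to sendto() with MSG_FASTOPEN travel in the SYN and, as RFC 7413 warns, can be delivered to the peer more than once if that SYN is retransmitted or replayed, so only data that is harmless to repeat belongs there. I would extend the line to `fastopen non-null iff TCP_FASTOPEN can be used; may point to early-data to be sent in the SYN. Such data can be delivered twice (SYN replay) and so must be idempotent.` The same caveat belongs in the `early_data` paragraph added above smtp_sock_connect() in the smtp_out.c hunk, since that is the entry point transport authors will read; the SOCKS method-select message added in smtp_socks.c satisfies it, but nothing in the comments says future callers must. The body of ip_connect() continues beyond this hunk.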
@@ -235,19 +236,30 @@ connect in FASTOPEN mode but with zero data. if (fastopen) { - if ((rc = sendto(sock, NULL, 0, MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) < 0) - if (errno == EINPROGRESS) /* the expected case */ - rc = 0; + if ((rc = sendto(sock, fastopen->data, fastopen->len, + MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) < 0) + if (errno == EINPROGRESS) /* expected for nonready peer */ + { /* queue the data */ + if ( (rc = send(sock, fastopen->data, fastopen->len, 0)) < 0 + && errno == EINPROGRESS) /* expected for nonready peer */ + rc = 0; + } else if(errno == EOPNOTSUPP) { DEBUG(D_transport) debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); - rc = connect(sock, s_ptr, s_len); + goto legacy_connect; } } else #endif - rc = connect(sock, s_ptr, s_len); + { +legacy_connect: + if ((rc = connect(sock, s_ptr, s_len)) >= 0) + if ( fastopen && fastopen->data && fastopen->len + && send(sock, fastopen->data, fastopen->len, 0) < 0) + rc = -1; + } save_errno = errno; alarm(0); @@ -292,6 +304,7 @@ Arguments: timeout a timeout connhost if not NULL, host_item filled in with connection details errstr pointer for allocated string on error +XXX could add early-data support Return: socket fd, or -1 on failure (having allocated an error string) @@ -304,7 +317,8 @@ int namelen, port; host_item shost; host_item *h; int af = 0, fd, fd4 = -1, fd6 = -1; -BOOL fastopen = tcp_fastopen_ok && type == SOCK_STREAM; +blob * fastopen = tcp_fastopen_ok && type == SOCK_STREAM + ? &tcp_fastopen_nodata : NULL; shost.next = NULL; shost.address = NULL; diff --git a/src/src/routers/iplookup.c b/src/src/routers/iplookup.c index 1af2a77b9..3592809ea 100644 --- a/src/src/routers/iplookup.c +++ b/src/src/routers/iplookup.c 
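Review bot: In the rewritten fastopen branch the sendto() and send() results are tested only for `< 0`, so a positive but short count (fewer than `fastopen->len` bytes accepted) is reported as success and the tail of the early data is never sent; the same pattern appears after `legacy_connect:` here and in the post-connect `send()` of the smtp_sock_connect() hunk in smtp_out.c. A short count is legal on a stream socket and would here leave a SOCKS method-select message truncated with no error to the caller. I would treat it as a failure in each place, e.g. after a non-negative result `if ((size_t)rc < fastopen->len) { errno = EIO; rc = -1; }`, or loop on the remainder. The EINPROGRESS path also now issues a `send()` without MSG_DONTWAIT even when `fastopen->len` is zero (the `tcp_fastopen_nodata` callers), where the old code returned immediately; if the resulting wait under the alarm is intended it deserves a one-line comment, otherwise `if (fastopen->len)` would keep the old behaviour. ip_connect() starts before and continues after this hunk.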
@@ -254,9 +254,10 @@ while ((hostname = string_nextinlist(&listptr, &sep, host_buffer, /* Connect to the remote host, under a timeout. In fact, timeouts can occur here only for TCP calls; for a UDP socket, "connect" always works (the router will timeout later on the read call). */ +/*XXX could take advantage of TFO */ if (ip_connect(query_socket, host_af, h->address,ob->port, ob->timeout, - ob->protocol != ip_udp) < 0) + ob->protocol == ip_udp ? NULL : &tcp_fastopen_nodata) < 0) { close(query_socket); DEBUG(D_route) diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index ee39cb2fb..9221aa868 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -164,9 +164,15 @@ if (getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0) #endif +/* Arguments as for smtp_connect(), plus + early_data if non-NULL, data to be sent - preferably in the TCP SYN segment + +Returns: connected socket number, or -1 with errno set +*/ + int smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface, - transport_instance * tb, int timeout) + transport_instance * tb, int timeout, const blob * early_data) { smtp_transport_options_block * ob = (smtp_transport_options_block *)tb->options_block; @@ -176,7 +182,6 @@ int dscp_level; int dscp_option; int sock; int save_errno = 0; -BOOL fastopen = FALSE; #ifndef DISABLE_EVENT deliver_host_address = host->address; @@ -209,10 +214,6 @@ if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value)) (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)); } -#ifdef TCP_FASTOPEN -if (verify_check_given_host (&ob->hosts_try_fastopen, host) == OK) fastopen = TRUE; -#endif - /* Bind to a specific interface if requested. Caller must ensure the interface is the same type (IPv4 or IPv6) as the outgoing address. */ 
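Review bot: The added `/*XXX could take advantage of TFO */` comment in iplookup.c sits directly above a call that now does request TFO (it passes `&tcp_fastopen_nodata`), so as written it reads as stale; what is still open is sending the lookup query itself as early data. I would make that explicit: `/*XXX could send the query as TFO early-data instead of a zero-data SYN */`. The surrounding while loop starts and ends outside this hunk.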
@@ -225,10 +226,24 @@ if (interface && ip_bind(sock, host_af, interface, 0) < 0) } /* Connect to the remote host, and add keepalive to the socket before returning -it, if requested. */ +it, if requested. If the build supports TFO, request it - and if the caller +requested some early-data then include that in the TFO request. */ -else if (ip_connect(sock, host_af, host->address, port, timeout, fastopen) < 0) - save_errno = errno; +else + { + const blob * fastopen = NULL; + +#ifdef TCP_FASTOPEN + if (verify_check_given_host(&ob->hosts_try_fastopen, host) == OK) + fastopen = early_data ? early_data : &tcp_fastopen_nodata; +#endif + + if (ip_connect(sock, host_af, host->address, port, timeout, fastopen) < 0) + save_errno = errno; + else if (early_data && !fastopen && early_data->data && early_data->len) + if (send(sock, early_data->data, early_data->len, 0) < 0) + save_errno = errno; + } /* Either bind() or connect() failed */ @@ -336,7 +351,7 @@ if (ob->socks_proxy) return socks_sock_connect(host, host_af, port, interface, tb, timeout); #endif -return smtp_sock_connect(host, host_af, port, interface, tb, timeout); +return smtp_sock_connect(host, host_af, port, interface, tb, timeout, NULL); } diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c index 2e9326122..3b463c644 100644 --- a/src/src/transports/appendfile.c +++ b/src/src/transports/appendfile.c @@ -655,7 +655,7 @@ for (h = &host; h; h = h->next) /* Connect never fails for a UDP socket, so don't set a timeout. */ - (void)ip_connect(sock, host_af, h->address, ntohs(sp->s_port), 0, FALSE); + (void)ip_connect(sock, host_af, h->address, ntohs(sp->s_port), 0, NULL); rc = send(sock, buffer, Ustrlen(buffer) + 1, 0); (void)close(sock); diff --git a/src/src/transports/smtp_socks.c b/src/src/transports/smtp_socks.c index 92d13659d..1368849d6 100644 --- a/src/src/transports/smtp_socks.c +++ b/src/src/transports/smtp_socks.c 
@@ -233,6 +233,7 @@ socks_opts proxies[32]; /* max #proxies handled */ unsigned nproxies; socks_opts * sob; unsigned size; +blob early_data; if (!timeout) timeout = 24*60*60; /* use 1 day for "indefinite" */ tmo = time(NULL) + timeout; @@ -268,6 +269,14 @@ for (nproxies = 0; socks_option(sob, option); } +/* Set up the socks protocol method-selection message, +for sending on connection */ + +state = US"method select"; +buf[0] = 5; buf[1] = 1; buf[2] = sob->auth_type; +early_data.data = buf; +early_data.len = 3; + /* Try proxies until a connection succeeds */ for(;;) @@ -289,7 +298,7 @@ for(;;) proxy_af = Ustrchr(sob->proxy_host, ':') ? AF_INET6 : AF_INET; if ((fd = smtp_sock_connect(&proxy, proxy_af, sob->port, - interface, tb, sob->timeout)) >= 0) + interface, tb, sob->timeout, &early_data)) >= 0) { proxy_local_address = string_copy(proxy.address); proxy_local_port = sob->port; @@ -301,13 +310,8 @@ for(;;) } /* Do the socks protocol stuff */ -/* Send method-selection */ -state = US"method select"; HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SOCKS>> 05 01 %02x\n", sob->auth_type); -buf[0] = 5; buf[1] = 1; buf[2] = sob->auth_type; -if (send(fd, buf, 3, 0) < 0) - goto snd_err; /* expect method response */ diff --git a/src/src/verify.c b/src/src/verify.c index a9ec730d1..ac5eb667b 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -2682,8 +2682,11 @@ if (ip_bind(sock, host_af, interface_address, 0) < 0) goto END_OFF; } +/*XXX could take advantage of TFO early-data. Hmm, what are the +error returns; can we differentiate connect from data fails? +Do we need to? */ if (ip_connect(sock, host_af, sender_host_address, port, - rfc1413_query_timeout, TRUE) < 0) + rfc1413_query_timeout, &tcp_fastopen_nodata) < 0) { if (errno == ETIMEDOUT && LOGGING(ident_timeout)) log_write(0, LOG_MAIN, "ident connection to %s timed out", 
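Review bot: The method-select bytes are now built once before the proxy loop from `sob->auth_type`, but the loop below selects the proxy per iteration (the `proxy_af = Ustrchr(sob->proxy_host, ...)` line uses a per-iteration `sob`), so if the configured proxies differ in auth_type the message sent as early data can carry the wrong method for the proxy actually connected, while the HDEBUG line still prints the connected proxy's value. Unless `sob` is guaranteed to be the same object after the option-parsing loop, which is not visible here, move the three lines `buf[0] = 5; buf[1] = 1; buf[2] = sob->auth_type;`, `early_data.data = buf;`, `early_data.len = 3;` inside the loop just before the smtp_sock_connect() call so they are rebuilt for the selected proxy. Setting `state = US"method select"` before the connect also means an error reported through `state` during the connect phase would be mislabelled if the failure path uses it; worth checking. The enclosing function starts and ends outside these hunks.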
@@ -3154,18 +3157,16 @@ verify_check_this_host(const uschar **listptr, unsigned int *cache_bits, int rc; unsigned int *local_cache_bits = cache_bits; const uschar *save_host_address = deliver_host_address; -check_host_block cb; -cb.host_name = host_name; -cb.host_address = host_address; +check_host_block cb = { .host_name = host_name, .host_address = host_address }; -if (valueptr != NULL) *valueptr = NULL; +if (valueptr) *valueptr = NULL; /* If the host address starts off ::ffff: it is an IPv6 address in IPv4-compatible mode. Find the IPv4 part for checking against IPv4 addresses. */ -cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)? - host_address + 7 : host_address; +cb.host_ipv4 = Ustrncmp(host_address, "::ffff:", 7) == 0 + ? host_address + 7 : host_address; /* During the running of the check, put the IP address into $host_address. In the case of calls from the smtp transport, it will already be there. However, |