diff options
author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-09-02 00:48:32 +0000 |
---|---|---|
committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-09-02 00:48:32 +0000 |
commit | 06e0d5c7f0f78c489090fe5f0c18a91e8cb41ae8 (patch) | |
tree | b05cf1bb463a9fd986768357c717709049f0caa6 /src/modules/extra | |
parent | c4cb1f9477b1fbf8662bedb1c36f84ff6f87e1f3 (diff) |
Use a set to mark client SSL ports rather than going by textual IP/port pairs
This theoretically speeds up accepting connections. Visible changes are proper
IPv6 port text in 005 output and no possibility of incorrect SSL on addresses
that mismatch an incoming port (possible with IPv4 wildcard SSL and IPv6
plaintext on the same port, not that anyone would do such a thing). Bind ports
also now tell which SSL module they use in /stats p.
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11629 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/extra')
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 83 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 87 |
2 files changed, 30 insertions, 140 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 7e3b62671..7c5f7ee49 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -30,17 +30,6 @@ enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED }; -bool isin(const std::string &host, int port, const std::vector<std::string> &portlist) -{ - if (std::find(portlist.begin(), portlist.end(), "*:" + ConvToStr(port)) != portlist.end()) - return true; - - if (std::find(portlist.begin(), portlist.end(), ":" + ConvToStr(port)) != portlist.end()) - return true; - - return std::find(portlist.begin(), portlist.end(), host + ":" + ConvToStr(port)) != portlist.end(); -} - /** Represents an SSL user's extra data */ class issl_session : public classbase @@ -93,7 +82,7 @@ class CommandStartTLS : public Command class ModuleSSLGnuTLS : public Module { - std::vector<std::string> listenports; + std::set<ListenSocketBase*> listenports; issl_session* sessions; @@ -107,7 +96,6 @@ class ModuleSSLGnuTLS : public Module std::string sslports; int dh_bits; - int clientactive; bool cred_alloc; CommandStartTLS starttls; @@ -131,8 +119,8 @@ class ModuleSSLGnuTLS : public Module gnutls_certificate_set_dh_params(x509_cred, dh_params); Implementation eventlist[] = { I_On005Numeric, I_OnRawSocketConnect, I_OnRawSocketAccept, I_OnRawSocketClose, I_OnRawSocketRead, I_OnRawSocketWrite, I_OnCleanup, - I_OnBufferFlushed, I_OnRequest, I_OnUnloadModule, I_OnRehash, I_OnModuleRehash, - I_OnPostConnect, I_OnEvent, I_OnHookIO }; + I_OnBufferFlushed, I_OnRequest, I_OnRehash, I_OnModuleRehash, I_OnPostConnect, + I_OnEvent, I_OnHookIO }; ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); ServerInstance->AddCommand(&starttls); @@ -143,51 +131,21 @@ class ModuleSSLGnuTLS : public Module ConfigReader Conf(ServerInstance); listenports.clear(); - clientactive = 0; sslports.clear(); - for(int index = 0; index < Conf.Enumerate("bind"); index++) + for (size_t i = 0; i < ServerInstance->ports.size(); i++) { - // For each <bind> tag - std::string x = Conf.ReadValue("bind", "type", index); - if(((x.empty()) || (x == "clients")) && (Conf.ReadValue("bind", "ssl", index) == "gnutls")) - { - // Get the port we're meant to be listening on with SSL - std::string port = Conf.ReadValue("bind", "port", index); - std::string addr = Conf.ReadValue("bind", "address", index); - - if (!addr.empty()) - { - // normalize address, important for IPv6 - int portint = 0; - irc::sockets::sockaddrs bin; - if (irc::sockets::aptosa(addr.c_str(), portint, &bin)) - irc::sockets::satoap(&bin, addr, portint); - } - - irc::portparser portrange(port, false); - long portno = -1; - while ((portno = portrange.GetToken())) - { - clientactive++; - try - { - listenports.push_back(addr + ":" + ConvToStr(portno)); + ListenSocketBase* port = ServerInstance->ports[i]; + std::string desc = port->GetDescription(); + if (desc != "gnutls") + continue; - for (size_t i = 0; i < ServerInstance->ports.size(); i++) - if ((ServerInstance->ports[i]->GetPort() == portno) && (ServerInstance->ports[i]->GetIP() == addr)) - ServerInstance->ports[i]->SetDescription("ssl"); - ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Enabling SSL for port %ld", portno); + listenports.insert(port); + std::string portid = port->GetBindDesc(); - if (addr != "127.0.0.1") - sslports.append((addr.empty() ? "*" : addr)).append(":").append(ConvToStr(portno)).append(";"); - } - catch (ModuleException &e) - { - ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: FAILED to enable SSL on port %ld: %s. Maybe it's already hooked by the same port on a different IP, or you have an other SSL or similar module loaded?", portno, e.GetReason()); - } - } - } + ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls.so: Enabling SSL for port %s", portid.c_str()); + if (port->GetIP() != "127.0.0.1") + sslports.append(portid).append(";"); } if (!sslports.empty()) @@ -320,19 +278,6 @@ class ModuleSSLGnuTLS : public Module } } - virtual void OnUnloadModule(Module* mod, const std::string &name) - { - if(mod == this) - { - for(unsigned int i = 0; i < listenports.size(); i++) - { - for (size_t j = 0; j < ServerInstance->ports.size(); j++) - if (listenports[i] == (ServerInstance->ports[j]->GetIP()+":"+ConvToStr(ServerInstance->ports[j]->GetPort()))) - ServerInstance->ports[j]->SetDescription("plaintext"); - } - } - } - virtual Version GetVersion() { return Version("$Id$", VF_VENDOR, API_VERSION); @@ -348,7 +293,7 @@ class ModuleSSLGnuTLS : public Module virtual void OnHookIO(EventHandler* user, ListenSocketBase* lsb) { - if (!user->GetIOHook() && isin(lsb->GetIP(),lsb->GetPort(),listenports)) + if (!user->GetIOHook() && listenports.find(lsb) != listenports.end()) { /* Hook the user with our module */ user->AddIOHook(this); diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index fc0de61f4..a8043457b 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -40,17 +40,6 @@ enum issl_io_status { ISSL_WRITE, ISSL_READ }; static bool SelfSigned = false; -bool isin(const std::string &host, int port, const std::vector<std::string> &portlist) -{ - if (std::find(portlist.begin(), portlist.end(), "*:" + ConvToStr(port)) != portlist.end()) - return true; - - if (std::find(portlist.begin(), portlist.end(), ":" + ConvToStr(port)) != portlist.end()) - return true; - - return std::find(portlist.begin(), portlist.end(), host + ":" + ConvToStr(port)) != portlist.end(); -} - char* get_error() { return ERR_error_string(ERR_get_error(), NULL); @@ -98,7 +87,7 @@ static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx) class ModuleSSLOpenSSL : public Module { - std::vector<std::string> listenports; + std::set<ListenSocketBase*> listenports; int inbufsize; issl_session* sessions; @@ -116,8 +105,6 @@ class ModuleSSLOpenSSL : public Module std::string dhfile; std::string sslports; - int clientactive; - public: InspIRCd* PublicInstance; @@ -152,14 +139,14 @@ class ModuleSSLOpenSSL : public Module OnModuleRehash(NULL,"ssl"); Implementation eventlist[] = { I_OnRawSocketConnect, I_OnRawSocketAccept, I_OnRawSocketClose, I_OnRawSocketRead, I_OnRawSocketWrite, I_OnCleanup, I_On005Numeric, - I_OnBufferFlushed, I_OnRequest, I_OnUnloadModule, I_OnRehash, I_OnModuleRehash, - I_OnPostConnect, I_OnHookIO }; + I_OnBufferFlushed, I_OnRequest, I_OnRehash, I_OnModuleRehash, I_OnPostConnect, + I_OnHookIO }; ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } virtual void OnHookIO(EventHandler* user, ListenSocketBase* lsb) { - if (!user->GetIOHook() && isin(lsb->GetIP(),lsb->GetPort(),listenports)) + if (!user->GetIOHook() && listenports.find(lsb) != listenports.end()) { /* Hook the user with our module */ user->AddIOHook(this); @@ -171,51 +158,21 @@ class ModuleSSLOpenSSL : public Module ConfigReader Conf(ServerInstance); listenports.clear(); - clientactive = 0; sslports.clear(); - for(int index = 0; index < Conf.Enumerate("bind"); index++) + for (size_t i = 0; i < ServerInstance->ports.size(); i++) { - // For each <bind> tag - std::string x = Conf.ReadValue("bind", "type", index); - if(((x.empty()) || (x == "clients")) && (Conf.ReadValue("bind", "ssl", index) == "openssl")) - { - // Get the port we're meant to be listening on with SSL - std::string port = Conf.ReadValue("bind", "port", index); - std::string addr = Conf.ReadValue("bind", "address", index); - - if (!addr.empty()) - { - // normalize address, important for IPv6 - int portint = 0; - irc::sockets::sockaddrs bin; - if (irc::sockets::aptosa(addr.c_str(), portint, &bin)) - irc::sockets::satoap(&bin, addr, portint); - } - - irc::portparser portrange(port, false); - long portno = -1; - while ((portno = portrange.GetToken())) - { - clientactive++; - try - { - listenports.push_back(addr + ":" + ConvToStr(portno)); + ListenSocketBase* port = ServerInstance->ports[i]; + std::string desc = port->GetDescription(); + if (desc != "openssl") + continue; - for (size_t i = 0; i < ServerInstance->ports.size(); i++) - if ((ServerInstance->ports[i]->GetPort() == portno) && (ServerInstance->ports[i]->GetIP() == addr)) - ServerInstance->ports[i]->SetDescription("ssl"); - ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Enabling SSL for port %ld", portno); + listenports.insert(port); + std::string portid = port->GetBindDesc(); - if (addr != "127.0.0.1") - sslports.append((addr.empty() ? "*" : addr)).append(":").append(ConvToStr(portno)).append(";"); - } - catch (ModuleException &e) - { - ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: FAILED to enable SSL on port %ld: %s. Maybe it's already hooked by the same port on a different IP, or you have an other SSL or similar module loaded?", portno, e.GetReason()); - } - } - } + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Enabling SSL for port %s", portid.c_str()); + if (port->GetIP() != "127.0.0.1") + sslports.append(portid).append(";"); } if (!sslports.empty()) @@ -311,7 +268,8 @@ class ModuleSSLOpenSSL : public Module virtual void On005Numeric(std::string &output) { - output.append(" SSL=" + sslports); + if (!sslports.empty()) + output.append(" SSL=" + sslports); } virtual ~ModuleSSLOpenSSL() @@ -345,19 +303,6 @@ class ModuleSSLOpenSSL : public Module } } - virtual void OnUnloadModule(Module* mod, const std::string &name) - { - if (mod == this) - { - for(unsigned int i = 0; i < listenports.size(); i++) - { - for (size_t j = 0; j < ServerInstance->ports.size(); j++) - if (listenports[i] == (ServerInstance->ports[j]->GetIP()+":"+ConvToStr(ServerInstance->ports[j]->GetPort()))) - ServerInstance->ports[j]->SetDescription("plaintext"); - } - } - } - virtual Version GetVersion() { return Version("$Id$", VF_VENDOR, API_VERSION); |