X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fip.c;h=ef133bf9f0bd780445b25a6368bfd2aaad90b226;hb=9fa3eec7bb2e6a14a0b62dbc713c0ba5b2b5cd34;hp=c275b1f00d2a8550065bf06f2c64c2c2d95910db;hpb=a23ff3b4ab81658d0c8107ab01a518e6ca06bd6e;p=exim.git

diff --git a/src/src/ip.c b/src/src/ip.c
index c275b1f00..ef133bf9f 100644
--- a/src/src/ip.c
+++ b/src/src/ip.c
@@ -2,12 +2,12 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Functions for doing things with sockets. With the advent of IPv6 this has
 got messier, so that it's worth pulling out the code into separate functions
-that other parts of Exim can call, expecially as there are now several
+that other parts of Exim can call, especially as there are now several
 different places in the code where sockets are used. */
 
 
@@ -160,6 +160,26 @@ return bind(sock, (struct sockaddr *)&sin, s_len);
 
 
 
+/*************************************************
+*************************************************/
+
+#ifdef EXIM_TFO_PROBE
+void
+tfo_probe(void)
+{
+# ifdef TCP_FASTOPEN
+int sock, backlog = 5;
+
+if (  (sock = socket(SOCK_STREAM, AF_INET, 0)) < 0
+   && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &backlog, sizeof(backlog))
+   )
+  f.tcp_fastopen_ok = TRUE;
+close(sock);
+# endif
+}
+#endif
+
+
 /*************************************************
 *        Connect socket to remote host           *
 *************************************************/
@@ -175,14 +195,15 @@ Arguments:
   address     the remote address, in text form
   port        the remote port
   timeout     a timeout (zero for indefinite timeout)
-  fastopen    TRUE iff TCP_FASTOPEN can be used
+  fastopen_blob    non-null iff TCP_FASTOPEN can be used; may indicate early-data to
+		be sent in SYN segment
 
 Returns:      0 on success; -1 on failure, with errno set
 */
 
 int
 ip_connect(int sock, int af, const uschar *address, int port, int timeout,
-  BOOL fastopen)
+  const blob * fastopen_blob)
 {
 struct sockaddr_in s_in4;
 struct sockaddr *s_ptr;
@@ -228,25 +249,62 @@ if (timeout > 0) alarm(timeout);
 /* TCP Fast Open, if the system has a cookie from a previous call to
 this peer, can send data in the SYN packet.  The peer can send data
 before it gets our ACK of its SYN,ACK - the latter is useful for
-the SMTP banner.  Is there any usage where the former might be?
-We might extend the ip_connect() args for data if so.  For now,
-connect in FASTOPEN mode but with zero data.
-*/
+the SMTP banner.  Other (than SMTP) cases of TCP connections can
+possibly use the data-on-syn, so support that too.
 
-if (fastopen)
+This is a Linux implementation.  It might be useable on FreeBSD; I have
+not checked.  I think MacOS has a "connectx" call for this purpose,
+rather than using "sendto" ? */
+
+if (fastopen_blob && f.tcp_fastopen_ok)
   {
-  if (  (rc = sendto(sock, NULL, 0, MSG_FASTOPEN, s_ptr, s_len)) < 0
-     && errno == EOPNOTSUPP
-     )
+  if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len,
+		    MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) >= 0)
+	/* seen for with-data, experimental TFO option, with-cookie case */
+	/* seen for with-data, proper TFO opt, with-cookie case */
+    {
+    DEBUG(D_transport|D_v)
+      debug_printf("non-TFO mode connection attempt to %s, %lu data\n",
+	address, (unsigned long)fastopen_blob->len);
+    /*XXX also seen on successful TFO, sigh */
+    tcp_out_fastopen = fastopen_blob->len > 0 ?  TFO_USED : TFO_ATTEMPTED;
+    }
+  else if (errno == EINPROGRESS)	/* expected if we had no cookie for peer */
+	/* seen for no-data, proper TFO option, both cookie-request and with-cookie cases */
+	/*  apparently no visibility of the diffference at this point */
+	/* seen for with-data, proper TFO opt, cookie-req */
+	/*   with netwk delay, post-conn tcp_info sees unacked 1 for R, 2 for C; code in smtp_out.c */
+	/* ? older Experimental TFO option behaviour ? */
+    {					/* queue unsent data */
+    DEBUG(D_transport|D_v) debug_printf("TFO mode sendto, %s data: EINPROGRESS\n",
+      fastopen_blob->len > 0 ? "with"  : "no");
+    if (!fastopen_blob->data)
+      {
+      tcp_out_fastopen = TFO_ATTEMPTED;		/* we tried; unknown if useful yet */
+      rc = 0;
+      }
+    else
+      rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0);
+    }
+  else if(errno == EOPNOTSUPP)
     {
     DEBUG(D_transport)
       debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n");
-    rc = connect(sock, s_ptr, s_len);
+    goto legacy_connect;
     }
   }
 else
 #endif
-  rc = connect(sock, s_ptr, s_len);
+  {
+legacy_connect:
+  DEBUG(D_transport|D_v) if (fastopen_blob)
+    debug_printf("non-TFO mode connection attempt to %s, %lu data\n",
+      address, (unsigned long)fastopen_blob->len);
+  if ((rc = connect(sock, s_ptr, s_len)) >= 0)
+    if (  fastopen_blob && fastopen_blob->data && fastopen_blob->len
+       && send(sock, fastopen_blob->data, fastopen_blob->len, 0) < 0)
+	rc = -1;
+  }
 
 save_errno = errno;
 alarm(0);
@@ -255,7 +313,7 @@ alarm(0);
 can't think of any other way of doing this. It converts a connection refused
 into a timeout if the timeout is set to 999999. */
 
-if (running_in_test_harness  && save_errno == ECONNREFUSED && timeout == 999999)
+if (f.running_in_test_harness  && save_errno == ECONNREFUSED && timeout == 999999)
   {
   rc = -1;
   save_errno = EINTR;
@@ -286,18 +344,20 @@ return -1;
 Arguments:
   type          SOCK_DGRAM or SOCK_STREAM
   af            AF_INET6 or AF_INET for the socket type
-  address       the remote address, in text form
+  hostname	host name, or ip address (as text)
   portlo,porthi the remote port range
   timeout       a timeout
-  connhost	if not NULL, host_item filled in with connection details
+  connhost	if not NULL, host_item to be filled in with connection details
   errstr        pointer for allocated string on error
+  fastopen_blob	with SOCK_STREAM, if non-null, request TCP Fast Open.
+		Additionally, optional early-data to send
 
 Return:
   socket fd, or -1 on failure (having allocated an error string)
 */
 int
 ip_connectedsocket(int type, const uschar * hostname, int portlo, int porthi,
-	int timeout, host_item * connhost, uschar ** errstr)
+      int timeout, host_item * connhost, uschar ** errstr, const blob * fastopen_blob)
 {
 int namelen, port;
 host_item shost;
@@ -358,7 +418,7 @@ for (h = &shost; h; h = h->next)
     }
 
   for(port = portlo; port <= porthi; port++)
-    if (ip_connect(fd, af, h->address, port, timeout, type == SOCK_STREAM) == 0)
+    if (ip_connect(fd, af, h->address, port, timeout, fastopen_blob) == 0)
       {
       if (fd != fd6) close(fd6);
       if (fd != fd4) close(fd4);
@@ -380,6 +440,7 @@ bad:
 }
 
 
+/*XXX TFO? */
 int
 ip_tcpsocket(const uschar * hostport, uschar ** errstr, int tmo)
 {
@@ -400,7 +461,7 @@ if (scan != 3)
   }
 
 return ip_connectedsocket(SOCK_STREAM, hostname, portlow, porthigh,
-			  tmo, NULL, errstr);
+			  tmo, NULL, errstr, NULL);
 }
 
 int
@@ -456,7 +517,7 @@ ip_keepalive(int sock, const uschar *address, BOOL torf)
 {
 int fodder = 1;
 if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
-    (uschar *)(&fodder), sizeof(fodder)) != 0)
+    US (&fodder), sizeof(fodder)) != 0)
   log_write(0, LOG_MAIN, "setsockopt(SO_KEEPALIVE) on connection %s %s "
     "failed: %s", torf? "to":"from", address, strerror(errno));
 }
@@ -491,7 +552,7 @@ if (time_left <= 0)
 
 do
   {
-  struct timeval tv = { time_left, 0 };
+  struct timeval tv = { .tv_sec = time_left, .tv_usec = 0 };
   FD_ZERO (&select_inset);
   FD_SET (fd, &select_inset);
 
@@ -535,7 +596,7 @@ getting interrupted, and the possibility of select() returning with a positive
 result but no ready descriptor. Is this in fact possible?
 
 Arguments:
-  sock        the socket
+  cctx        the connection context (socket fd, possibly TLS context)
   buffer      to read into
   bufsize     the buffer size
   timeout     the timeout
@@ -545,24 +606,24 @@ Returns:      > 0 => that much data read
 */
 
 int
-ip_recv(int sock, uschar *buffer, int buffsize, int timeout)
+ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, int timeout)
 {
 int rc;
 
-if (!fd_ready(sock, timeout))
+if (!fd_ready(cctx->sock, timeout))
   return -1;
 
 /* The socket is ready, read from it (via TLS if it's active). On EOF (i.e.
 close down of the connection), set errno to zero; otherwise leave it alone. */
 
 #ifdef SUPPORT_TLS
-if (tls_out.active == sock)
-  rc = tls_read(FALSE, buffer, buffsize);
-else if (tls_in.active == sock)
-  rc = tls_read(TRUE, buffer, buffsize);
+if (cctx->tls_ctx)					/* client TLS */
+  rc = tls_read(cctx->tls_ctx, buffer, buffsize);
+else if (tls_in.active.sock == cctx->sock)		/* server TLS */
+  rc = tls_read(NULL, buffer, buffsize);
 else
 #endif
-  rc = recv(sock, buffer, buffsize, 0);
+  rc = recv(cctx->sock, buffer, buffsize, 0);
 
 if (rc > 0) return rc;
 if (rc == 0) errno = 0;