path: root/src/child.c
Age | Commit message | Author
2020-09-17 | child_kill_children(): use method that actually works | rofl0r
it turned out that close()ing an fd behind the back of a thread doesn't actually cause blocking operations to get a read/write event, because the fd will stay valid to in-progress operations.
2020-09-17 | tune error messages to show select or poll depending on what is used | rofl0r
2020-09-16 | listen_addrs: use sblist | rofl0r
2020-09-16 | listen_fds: use sblist | rofl0r
2020-09-15 | free() loop records too | rofl0r
2020-09-15 | prepare transition to poll() | rofl0r
usage of select() is inefficient (because a huge fd_set array has to be initialized on each call) and insecure (because an fd >= FD_SETSIZE will cause out-of-bounds accesses using the FD_*SET macros, and a system can be set up to allow more than that number of fds using ulimit). for the moment we prepared a poll-like wrapper that still runs select() to test for regressions, and so we have fallback code for systems without poll().
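The out-of-bounds risk named in this commit message, shown as an added example that is not tinyproxy's code: a poll()-shaped wrapper that still runs select() but refuses any fd >= FD_SETSIZE instead of handing it to FD_SET(). The name `select_as_poll` is hypothetical.

```c
#include <poll.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical wrapper, not tinyproxy's code: poll()-shaped interface
 * running on select(), refusing descriptors an fd_set cannot hold. */
int select_as_poll(struct pollfd *fds, int nfds, int timeout_ms)
{
        fd_set rd, wr;
        struct timeval tv, *tvp = NULL;
        int i, maxfd = -1, ready = 0;
        FD_ZERO(&rd);
        FD_ZERO(&wr);
        for (i = 0; i < nfds; i++) {
                fds[i].revents = 0;
                if (fds[i].fd < 0)
                        continue;               /* poll() skips negative fds */
                if (fds[i].fd >= FD_SETSIZE) {
                        /* FD_SET() would write past the fd_set bitmap */
                        fds[i].revents = POLLNVAL;
                        timeout_ms = 0;         /* report it without waiting */
                        continue;
                }
                if (fds[i].events & POLLIN)
                        FD_SET(fds[i].fd, &rd);
                if (fds[i].events & POLLOUT)
                        FD_SET(fds[i].fd, &wr);
                if (fds[i].fd > maxfd)
                        maxfd = fds[i].fd;
        }
        if (timeout_ms >= 0) {
                tv.tv_sec = timeout_ms / 1000;
                tv.tv_usec = (timeout_ms % 1000) * 1000;
                tvp = &tv;
        }
        if (select(maxfd + 1, &rd, &wr, NULL, tvp) < 0)
                return -1;
        for (i = 0; i < nfds; i++) {
                if (fds[i].fd >= 0 && fds[i].fd < FD_SETSIZE) {
                        if (FD_ISSET(fds[i].fd, &rd))
                                fds[i].revents |= POLLIN;
                        if (FD_ISSET(fds[i].fd, &wr))
                                fds[i].revents |= POLLOUT;
                }
                if (fds[i].revents)
                        ready++;
        }
        return ready;
}
```

Callers written against this interface can later be pointed at the real poll(), which has no FD_SETSIZE limit, without changing their own code.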
2020-09-15 | refactor conns.[ch], put conn_s into child struct | rofl0r
this allows to access the conn member from the main thread handling the childs, plus simplifies the code.
2020-09-15 | shutdown: free children from right place | rofl0r
2020-09-15 | Revert "childs.c: fix minor memory leak" | rofl0r
This reverts commit 6dd3806f7d1a337fb89e335e986e1fa4eab8340c.
2020-09-15 | childs.c: fix minor memory leak | rofl0r
this would leak only once on program termination, so it's no big deal apart from having spurious reachable memory in valgrind logs.
2020-09-09 | remove bogus custom timeout handling code | rofl0r
in networking, hitting a timeout requires that *nothing* happens during the interval. whenever anything happens, the timeout is reset. there's no need to do custom time calculations, it's perfectly fine to let the kernel handle it using the select() syscall. additionally the code added in 0b9a74c29036f9215b2b97a301b7b25933054302 assures that read and write syscalls() don't block indefinitely and return on the timeout too, so there's no need to switch sockets back and forth between blocking/nonblocking.
2020-09-01 | Change loglevel for "Maximum number of connections reached" | Nicolai Søborg
I was hit by this, and did not see anything in the log, connections were just hanging. Think warning is a better log level
2020-01-15 | remove duplicate code calling reload_config_file() | rofl0r
as a side effect of not updating the config pointer when loading the config file fails, the "FIXME" level comment to take appropriate action in that case has been removed. the only issue remaining when receiving a SIGHUP and encountering a malformed config file would now be the case that output to syslog/logfile won't be resumed, if initially so configured.
2020-01-15 | access config via a pointer, not a hardcoded struct address | rofl0r
this is required so we can elegantly swap out an old config for a new one in the future and remove lots of boilerplate from config initialization code. unfortunately this is a quite intrusive change as the config struct was accessed in numerous places, but frankly it should have been done via a pointer right from the start. right now, we simply point to a static struct in main.c, so there shouldn't be any noticeable changes in behaviour.
2019-12-21 | implement detection and denial of endless connection loops | rofl0r
it is quite easy to bring down a proxy server by forcing it to make connections to one of its own ports, because this will result in an endless loop spawning more and more connections, until all available fds are exhausted. since there's a potentially infinite number of potential DNS/ip addresses resolving to the proxy, it is impossible to detect an endless loop by simply looking at the destination ip address and port. what *is* possible though is to record the ip/port tuples assigned to outgoing connections, and then compare them against new incoming connections. if they match, the sender was the proxy itself and therefore needs to reject that connection. fixes #199.
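The tuple comparison described in this commit message, as an added example that is not tinyproxy's implementation: the source address of each outgoing connection is recorded and every newly accepted peer is checked against the table. All names (`loop_record`, `loop_forget`, `loop_is_self`, `MAX_OUT`) are hypothetical, and addresses are stored in IPv6 form so that an IPv4 peer seen through a dual-stack listener still matches.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#define MAX_OUT 64   /* assumed table size; names here are hypothetical */

/* Source address of one outgoing connection, stored in IPv6 form. */
struct endpoint { int used; unsigned short port; unsigned char ip[16]; };
static struct endpoint outgoing[MAX_OUT];

static int to_endpoint(const struct sockaddr *sa, struct endpoint *ep)
{
        memset(ep, 0, sizeof *ep);
        if (sa->sa_family == AF_INET) {
                const struct sockaddr_in *a = (const void *)sa;
                /* store as ::ffff:a.b.c.d so a dual-stack listener matches */
                ep->ip[10] = ep->ip[11] = 0xff;
                memcpy(ep->ip + 12, &a->sin_addr, 4);
                ep->port = a->sin_port;
        } else if (sa->sa_family == AF_INET6) {
                const struct sockaddr_in6 *a = (const void *)sa;
                memcpy(ep->ip, &a->sin6_addr, 16);
                ep->port = a->sin6_port;
        } else return -1;               /* not an IP socket */
        ep->used = 1;
        return 0;
}

/* After connect(): pass the getsockname() result. Returns a slot or -1. */
int loop_record(const struct sockaddr *local)
{
        struct endpoint ep;
        if (to_endpoint(local, &ep) < 0) return -1;
        for (int i = 0; i < MAX_OUT; i++)
                if (!outgoing[i].used) { outgoing[i] = ep; return i; }
        return -1;   /* table full */
}

/* When the outgoing connection closes, release its slot. */
void loop_forget(int slot) { if (slot >= 0 && slot < MAX_OUT) outgoing[slot].used = 0; }

/* After accept(): 1 if the peer address is one of our own outgoing sockets. */
int loop_is_self(const struct sockaddr *peer)
{
        struct endpoint ep;
        if (to_endpoint(peer, &ep) < 0) return 0;
        for (int i = 0; i < MAX_OUT; i++)
                if (outgoing[i].used && outgoing[i].port == ep.port &&
                    !memcmp(outgoing[i].ip, ep.ip, 16))
                        return 1;
        return 0;
}
```

The table is not synchronized; a proxy that serves each connection on its own thread would guard these three calls with a mutex.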
2019-12-21 | do hostname resolution only when it is absolutely necessary for ACL check | rofl0r
tinyproxy used to do a full hostname resolution whenever a new client connection happened, which could cause very long delays (as reported in #198). there's only a single place/scenario that actually requires a hostname, and that is when an Allow/Deny rule exists for a hostname or domain, rather than a raw IP address. since it is very likely this feature is not very widely used, it makes absolute sense to only do the costly resolution when it is unavoidable.
2019-12-21 | move sockaddr_union to sock.h | rofl0r
2019-12-21 | simplify codebase by using one thread/conn, instead of preforked procs | rofl0r
the existing codebase used an elaborate and complex approach for its parallelism: 5 different config file options, namely
- MaxClients
- MinSpareServers
- MaxSpareServers
- StartServers
- MaxRequestsPerChild
were used to steer how (and how many) parallel processes tinyproxy would spin up at start, how many processes at each point needed to be idle, etc. it seems all preforked processes would listen on the server port and compete with each other about who would get assigned the new incoming connections. since some data needs to be shared across those processes, a half-baked "shared memory" implementation was provided for this purpose. that implementation used to use files in the filesystem, and since it had a big FIXME comment, the author was well aware of how hackish that approach was. this entire complexity is now removed. the main thread enters a loop which polls on the listening fds, then spins up a new thread per connection, until the maximum number of connections (MaxClients) is hit. this is the only one of the 5 config options left after this cleanup. since threads share the same address space, the code necessary for shared memory access has been removed. this means that the other 4 mentioned config options will now produce a parse error, when encountered. currently each thread uses a hardcoded default of 256KB per thread for the thread stack size, which is quite lavish and should be sufficient for even the worst C libraries, but people may want to tweak this value to the bare minimum, thus we may provide a new config option for this purpose in the future. i suspect that on heavily optimized C libraries such as musl, a stack size of 8-16 KB per thread could be sufficient.
since the existing list implementation in vector.c did not provide a way to remove a single item from an existing list, i added my own list implementation from my libulz library which offers this functionality, rather than trying to add an ad-hoc, and perhaps buggy implementation to the vector_t list code. the sblist code is contained in an 80 line C file and as simple as it can get, while offering good performance and is proven bugfree due to years of use in other projects.
2018-12-15 | child.c: properly initialize fdset for each select() call (#216) | rofl0r
it was reported that because the fdset was only initialized once, tinyproxy would fail to properly listen on more than one interface. closes #214 closes #127
2016-12-30 | Prevent child from calling exit() on interrupt | dmz-uk
A proposed fix for the logrotate SIGHUP issue.
2014-12-13 | BB#110 secure the hashmaps by adding a seed | Michael Adam
Based on a patch provided by gpernot@praksys.org on bugzilla. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23 | child: remove use of config.listen_addrs in child_listening_sockets() | Michael Adam
This was accidentally used instead of the function parameter listen_addrs. This still belongs to the fix for bug BB#63. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 | child: check return code of socket_blocking for accept in child_main | Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 | child: Fix CID 1130966 - unchecked return value from library | Michael Adam
check the return code of fcntl via socket_nonblocking on the listen sockets in child_main() Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09 | [BB#63] conf: Allow multiple Listen statements in the config. | Michael Adam
This introduces a list (vector) of addresses instead of having just one address string. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09 | child: use a list of listen_fds instead of one single listenfd. | Michael Adam
This prepares listening on multiple sockets, which will be used to fix listening on the wildcard (listen on both ipv6 and ipv4) and help add the support for multiple Listen statements in the config. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09 | child: add addr argument to child_listening_sock(). | Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09 | sock: add addr argument to listen_sock() | Michael Adam
instead of using config.ipAddr internally. This is in preparation to make it possible to call it for multiple addresses. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09 | sock/child: remove global variable addrlen. | Michael Adam
This changes listen_sock() to not return the addrlen of the used address from getaddrinfo call to the caller, stored in global addrlen in child.c. This was only used to be able to allocate enough space for the arguments to the later accept call depending on whether IPv4 or IPv6 is used. This removes the need to pass this info by always allocating sizeof(struct sockaddr_storage) instead, which is enough to carry both sockaddr_in and sockaddr_in6. Signed-off-by: Michael Adam <obnox@samba.org>
2009-12-23 | Add warning comments to SIGHUP handlers, that we ignore the return code of reload_config(). | Michael Adam
This can actually fail, and we probably need some way to handle this. Like an emergency error exit or so... Michael
2009-12-23 | Don't truncate the log file in the SIGHUP handler. | Michael Adam
Logging is re-initialized by reload_config() now. And truncation is wrong anyways: A syslog mechanism will move the current log file and the reopen-action will just create a new empty log file upon SIGHUP. Michael
2009-12-22 | reload config upon SIGHUP | Michael Adam
Michael
2009-12-07 | Move definition of "struct config_s" from main.h to conf.h | Michael Adam
Michael
2009-10-25 | propagate reload of filter file to child procs by sending HUP signals | Michael Adam
2009-10-25 | Change child_kill_children() to take the signal as an argument. | Michael Adam
2009-10-25 | child: handle SIGHUP in the child by reloading the filter file | Michael Adam
2009-10-25 | use new filter_reload() in child_main_loop() | Michael Adam
2009-09-15 | child: move log message in child_main_loop() to a less irritating place. | Michael Adam
Michael
2009-09-15 | Indent code to Tinyproxy coding style | Mukund Sivaraman
The modified files were indented with GNU indent using the following command: indent -npro -kr -i8 -ts8 -sob -l80 -ss -cs -cp1 -bs -nlps -nprs -pcs \ -saf -sai -saw -sc -cdw -ce -nut -il0 No other changes of any sort were made.
2009-08-07 | Rename tinyproxy.[ch] to main.[ch] | Mukund Sivaraman
2009-08-04 | child_pool_create(): add to explicit casts to reduce compiler warnings. | Michael Adam
Michael
2009-08-04 | child: adapt child_config to contain unsigned integers | Michael Adam
as just changed in get_int_arg. Michael
2009-08-04 | child: add explicit cast in child_main(). | Michael Adam
Michael
2008-12-08 | Convert tabs to spaces | Mukund Sivaraman
2008-12-08 | Break at 80 columns | Mukund Sivaraman
2008-12-01 | Reformat code to GNU coding style | Mukund Sivaraman
This is a commit which simply ran all C source code files through GNU indent. No other modifications were made.
2008-08-24 | Add more calls to umask() before mkstemp() | Mukund Sivaraman
2008-05-24 | Updated copyright, license notices in source code | Mukund Sivaraman
The notices have been changed to a more GNU look. Documentation comments have been separated from the copyright header. I've tried to keep all copyright notices intact. Some author contact details have been updated.
2005-08-15 | * [Indent] Ran Source Through indent | Robert James Kaes
I re-indented the source code using indent with the following options: indent -kr -bad -bap -nut -i8 -l80 -psl -sob -ss -ncs There are now _no_ tabs in the source files, and all indentation is eight spaces. Lines are 80 characters long, and the procedure type is on its own line. Read the indent manual for more information about what each option means.
2005-07-12 | * Updated Copyright Email Addresses | Robert James Kaes
Updated the copyright email addresses for Robert James Kaes. The users.sourceforge.net address should always exist.