Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-19 21:25:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pass BEV_OPT_THREADSAFE to bufferevent_socket_new() and similar functions, otherwise if we are out of fds, we get signal 10 or 6 crashes sometimes, nothing else seems to work

Browse Source
This commit is contained in:
Soner Tari 2019-03-11 01:56:09 +03:00
parent 3a6f797917
commit 96ecd8e4c3
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
protossl.c
View File

@ -801,7 +801,7 @@ protossl_bufferevent_setup(pxy_conn_ctx_t *ctx, evutil_socket_t fd, SSL *ssl)
#endif /* DEBUG_PROXY */
struct bufferevent *bev = bufferevent_openssl_socket_new(ctx->evbase, fd, ssl,
((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS);
((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS|BEV_OPT_THREADSAFE);
if (!bev) {
log_err_level_printf(LOG_CRIT, "Error creating bufferevent socket\n");
return NULL;
@ -831,7 +831,7 @@ protossl_bufferevent_setup_child(pxy_conn_child_ctx_t *ctx, evutil_socket_t fd,
#endif /* DEBUG_PROXY */
struct bufferevent *bev = bufferevent_openssl_socket_new(ctx->conn->evbase, fd, ssl,
((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS);
((fd == -1) ? BUFFEREVENT_SSL_CONNECTING : BUFFEREVENT_SSL_ACCEPTING), BEV_OPT_DEFER_CALLBACKS|BEV_OPT_THREADSAFE);
if (!bev) {
log_err_level_printf(LOG_CRIT, "Error creating bufferevent socket\n");
return NULL;
@ -1067,7 +1067,7 @@ int
protossl_setup_srvdst_new_bev_ssl_connecting(pxy_conn_ctx_t *ctx)
{
ctx->srvdst.bev = bufferevent_openssl_filter_new(ctx->evbase, ctx->srvdst.bev, ctx->srvdst.ssl,
BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS);
BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS|BEV_OPT_THREADSAFE);
if (!ctx->srvdst.bev) {
log_err_level_printf(LOG_CRIT, "Error creating srvdst bufferevent\n");
SSL_free(ctx->srvdst.ssl);
@ -1206,7 +1206,7 @@ int
protossl_setup_src_new_bev_ssl_accepting(pxy_conn_ctx_t *ctx)
{
ctx->src.bev = bufferevent_openssl_filter_new(ctx->evbase, ctx->src.bev, ctx->src.ssl,
BUFFEREVENT_SSL_ACCEPTING, BEV_OPT_DEFER_CALLBACKS);
BUFFEREVENT_SSL_ACCEPTING, BEV_OPT_DEFER_CALLBACKS|BEV_OPT_THREADSAFE);
if (!ctx->src.bev) {
log_err_level_printf(LOG_CRIT, "Error creating src bufferevent\n");
SSL_free(ctx->src.ssl);
@ -1222,7 +1222,7 @@ int
protossl_setup_dst_new_bev_ssl_connecting_child(pxy_conn_child_ctx_t *ctx)
{
ctx->dst.bev = bufferevent_openssl_filter_new(ctx->conn->evbase, ctx->dst.bev, ctx->dst.ssl,
BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS);
BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS|BEV_OPT_THREADSAFE);
if (!ctx->dst.bev) {
log_err_level_printf(LOG_CRIT, "Error creating dst bufferevent\n");
SSL_free(ctx->dst.ssl);

10
prototcp.c
View File

@ -52,7 +52,7 @@ prototcp_bufferevent_setup(pxy_conn_ctx_t *ctx, evutil_socket_t fd)
#endif /* DEBUG_PROXY */
// @todo Do we really need to defer callbacks? BEV_OPT_DEFER_CALLBACKS seems responsible for the issue with srvdst: We get writecb sometimes, no eventcb for CONNECTED event
struct bufferevent *bev = bufferevent_socket_new(ctx->evbase, fd, BEV_OPT_DEFER_CALLBACKS);
struct bufferevent *bev = bufferevent_socket_new(ctx->evbase, fd, BEV_OPT_DEFER_CALLBACKS|BEV_OPT_THREADSAFE);
if (!bev) {
log_err_level_printf(LOG_CRIT, "Error creating bufferevent socket\n");
#ifdef DEBUG_PROXY
@ -76,7 +76,7 @@ prototcp_bufferevent_setup_child(pxy_conn_child_ctx_t *ctx, evutil_socket_t fd)
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_bufferevent_setup_child: ENTER, fd=%d\n", fd);
#endif /* DEBUG_PROXY */
struct bufferevent *bev = bufferevent_socket_new(ctx->conn->evbase, fd, BEV_OPT_DEFER_CALLBACKS);
struct bufferevent *bev = bufferevent_socket_new(ctx->conn->evbase, fd, BEV_OPT_DEFER_CALLBACKS|BEV_OPT_THREADSAFE);
if (!bev) {
log_err_level_printf(LOG_CRIT, "Error creating bufferevent socket\n");
#ifdef DEBUG_PROXY
@ -113,7 +113,7 @@ prototcp_bufferevent_free_and_close_fd(struct bufferevent *bev, UNUSED pxy_conn_
int
prototcp_setup_src(pxy_conn_ctx_t *ctx)
{
ctx->src.ssl= NULL;
ctx->src.ssl = NULL;
ctx->src.bev = prototcp_bufferevent_setup(ctx, ctx->fd);
if (!ctx->src.bev) {
log_err_level_printf(LOG_CRIT, "Error creating src bufferevent\n");
@ -127,7 +127,7 @@ prototcp_setup_src(pxy_conn_ctx_t *ctx)
int
prototcp_setup_dst(pxy_conn_ctx_t *ctx)
{
ctx->dst.ssl= NULL;
ctx->dst.ssl = NULL;
ctx->dst.bev = prototcp_bufferevent_setup(ctx, -1);
if (!ctx->dst.bev) {
log_err_level_printf(LOG_CRIT, "Error creating parent dst\n");
@ -141,7 +141,7 @@ prototcp_setup_dst(pxy_conn_ctx_t *ctx)
int
prototcp_setup_srvdst(pxy_conn_ctx_t *ctx)
{
ctx->srvdst.ssl= NULL;
ctx->srvdst.ssl = NULL;
ctx->srvdst.bev = prototcp_bufferevent_setup(ctx, -1);
if (!ctx->srvdst.bev) {
log_err_level_printf(LOG_CRIT, "Error creating srvdst\n");

4
pxyconn.c
View File

@ -1546,6 +1546,10 @@ identify_user(UNUSED evutil_socket_t fd, UNUSED short what, void *arg)
// Retry in case we cannot acquire db file or database: SQLITE_BUSY or SQLITE_LOCKED respectively
if (rc == SQLITE_BUSY || rc == SQLITE_LOCKED) {
#ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "identify_user: User db busy or locked, retrying, count=%d, ctx->fd=%d\n", ctx->identify_user_count, ctx->fd);
#endif /* DEBUG_PROXY */
// Do not forget to reset sqlite stmt, or else the userdb may remain busy/locked
sqlite3_reset(ctx->thr->get_user);