X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util.c;h=b72670368a73ef3cf28cacd5e74e5c1ac622b942;hb=refs%2Fheads%2Flicensing;hp=ca16d4128b85ec59d52692ce7af2b9aa6bf3f53d;hpb=788b5abecc472c252d3cae9d9adf9c74a848b0c7;p=libradsec.git

diff --git a/util.c b/util.c
index ca16d41..b726703 100644
--- a/util.c
+++ b/util.c
@@ -1,9 +1,10 @@
-/*
- * Copyright (C) 2006-2008 Stig Venaas <venaas@uninett.no>
+/* Copyright (c) 2006-2010, UNINETT AS
+ * Copyright (c) 2010-2012, NORDUnet A/S */
+/* See LICENSE for licensing information. */
+
+/* Code contributions from:
  *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
+ * Stefan Winter <stefan.winter@restena.lu>
  */
 
 #include <sys/socket.h>
@@ -57,7 +58,7 @@ void port_set(struct sockaddr *sa, uint16_t port) {
 
 struct sockaddr *addr_copy(struct sockaddr *in) {
     struct sockaddr *out = NULL;
-    
+
     switch (in->sa_family) {
     case AF_INET:
 	out = malloc(sizeof(struct sockaddr_in));
@@ -75,6 +76,9 @@ struct sockaddr *addr_copy(struct sockaddr *in) {
 	break;
     }
     out->sa_family = in->sa_family;
+#ifdef SIN6_LEN
+    out->sa_len = in->sa_len;
+#endif
     return out;
 }
 
@@ -102,37 +106,27 @@ char *addr2string(struct sockaddr *addr) {
     return addr_buf[i];
 }
 
-#if 0
-/* not in use */
-int connectport(int type, char *host, char *port) {
-    struct addrinfo hints, *res0, *res;
-    int s = -1;
-    
-    memset(&hints, 0, sizeof(hints));
-    hints.ai_socktype = type;
-    hints.ai_family = AF_UNSPEC;
-
-    if (getaddrinfo(host, port, &hints, &res0) != 0) {
-	debug(DBG_ERR, "connectport: can't resolve host %s port %s", host, port);
-	return -1;
-    }
-
-    for (res = res0; res; res = res->ai_next) {
-	s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-	if (s < 0) {
-	    debug(DBG_WARN, "connectport: socket failed");
-	    continue;
-	}
-	if (connect(s, res->ai_addr, res->ai_addrlen) == 0)
-	    break;
-	debug(DBG_WARN, "connectport: connect failed");
-	close(s);
-	s = -1;
+/* Disable the "Don't Fragment" bit for UDP sockets. It is set by default, which may cause an "oversized"
+   RADIUS packet to be discarded on first attempt (due to Path MTU discovery).
+*/
+
+void disable_DF_bit(int socket, struct addrinfo *res) {
+    if ((res->ai_family == AF_INET) && (res->ai_socktype == SOCK_DGRAM)) {
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+        /*
+         * Turn off Path MTU discovery on IPv4/UDP sockets, Linux variant.
+         */
+	int r, action;
+        debug(DBG_INFO, "disable_DF_bit: disabling DF bit (Linux variant)");
+        action = IP_PMTUDISC_DONT;
+        r = setsockopt(socket, IPPROTO_IP, IP_MTU_DISCOVER, &action, sizeof(action));
+        if (r == -1)
+	    debug(DBG_WARN, "Failed to set IP_MTU_DISCOVER");
+#else
+	debug(DBG_INFO, "Non-Linux platform, unable to unset DF bit for UDP. You should check with tcpdump whether radsecproxy will send its UDP packets with DF bit set!");
+#endif
     }
-    freeaddrinfo(res0);
-    return s;
 }
-#endif
 
 int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) {
     int s, on = 1;
@@ -146,12 +140,15 @@ int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) {
 	    debug(DBG_WARN, "bindtoaddr: socket failed");
 	    continue;
 	}
+
+	disable_DF_bit(s,res);
+
 	if (reuse)
 	    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
-	#ifdef IPV6_V6ONLY
+#ifdef IPV6_V6ONLY
 	if (v6only)
 	    setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
-	#endif
+#endif
 	if (!bind(s, res->ai_addr, res->ai_addrlen))
 	    return s;
 	debug(DBG_WARN, "bindtoaddr: bind failed");
@@ -164,7 +161,7 @@ int connectnonblocking(int s, const struct sockaddr *addr, socklen_t addrlen, st
     int origflags, error = 0, r = -1;
     fd_set writefds;
     socklen_t len;
-    
+
     origflags = fcntl(s, F_GETFL, 0);
     fcntl(s, F_SETFL, origflags | O_NONBLOCK);
     if (!connect(s, addr, addrlen)) {
@@ -183,7 +180,7 @@ int connectnonblocking(int s, const struct sockaddr *addr, socklen_t addrlen, st
     if (!getsockopt(s, SOL_SOCKET, SO_ERROR, (char*)&error, &len) && !error)
 	r = 0;
 
- exit:    
+exit:
     fcntl(s, F_SETFL, origflags);
     return r;
 }
@@ -200,7 +197,7 @@ int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src, uint16_t timeout
 	to.tv_sec = timeout;
 	to.tv_usec = 0;
     }
-    
+
     for (res = addrinfo; res; res = res->ai_next) {
 	s = bindtoaddr(src, res->ai_family, 1, 1);
 	if (s < 0) {
@@ -217,3 +214,7 @@ int connecttcp(struct addrinfo *addrinfo, struct addrinfo *src, uint16_t timeout
     }
     return s;
 }
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */