* copyright notice and this permission notice appear in all copies.
*/
+/* Code contributions from:
+ *
+ * Stefan Winter <stefan.winter@restena.lu>
+ */
+
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
struct sockaddr *addr_copy(struct sockaddr *in) {
struct sockaddr *out = NULL;
-
+
switch (in->sa_family) {
case AF_INET:
out = malloc(sizeof(struct sockaddr_in));
break;
}
out->sa_family = in->sa_family;
+#ifdef SIN6_LEN
+ out->sa_len = in->sa_len;
+#endif
return out;
}
return addr_buf[i];
}
-#if 0
-/* not in use */
-int connectport(int type, char *host, char *port) {
- struct addrinfo hints, *res0, *res;
- int s = -1;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_socktype = type;
- hints.ai_family = AF_UNSPEC;
-
- if (getaddrinfo(host, port, &hints, &res0) != 0) {
- debug(DBG_ERR, "connectport: can't resolve host %s port %s", host, port);
- return -1;
- }
-
- for (res = res0; res; res = res->ai_next) {
- s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if (s < 0) {
- debug(DBG_WARN, "connectport: socket failed");
- continue;
- }
- if (connect(s, res->ai_addr, res->ai_addrlen) == 0)
- break;
- debug(DBG_WARN, "connectport: connect failed");
- close(s);
- s = -1;
+/* Disable the "Don't Fragment" bit for UDP sockets. It is set by default, which may cause an "oversized"
+ RADIUS packet to be discarded on first attempt (due to Path MTU discovery).
+*/
+
+void disable_DF_bit(int socket, struct addrinfo *res) {
+ if ((res->ai_family == AF_INET) && (res->ai_socktype == SOCK_DGRAM)) {
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ /*
+ * Turn off Path MTU discovery on IPv4/UDP sockets, Linux variant.
+ */
+ int r, action;
+ debug(DBG_INFO, "disable_DF_bit: disabling DF bit (Linux variant)");
+ action = IP_PMTUDISC_DONT;
+ r = setsockopt(socket, IPPROTO_IP, IP_MTU_DISCOVER, &action, sizeof(action));
+ if (r == -1)
+ debug(DBG_WARN, "Failed to set IP_MTU_DISCOVER");
+#else
+ debug(DBG_INFO, "Non-Linux platform, unable to unset DF bit for UDP. You should check with tcpdump whether radsecproxy will send its UDP packets with DF bit set!");
+#endif
}
- freeaddrinfo(res0);
- return s;
}
-#endif
int bindtoaddr(struct addrinfo *addrinfo, int family, int reuse, int v6only) {
int s, on = 1;
debug(DBG_WARN, "bindtoaddr: socket failed");
continue;
}
+
+ disable_DF_bit(s,res);
+
if (reuse)
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
- #ifdef IPV6_V6ONLY
+#ifdef IPV6_V6ONLY
if (v6only)
setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
- #endif
+#endif
if (!bind(s, res->ai_addr, res->ai_addrlen))
return s;
debug(DBG_WARN, "bindtoaddr: bind failed");
int origflags, error = 0, r = -1;
fd_set writefds;
socklen_t len;
-
+
origflags = fcntl(s, F_GETFL, 0);
fcntl(s, F_SETFL, origflags | O_NONBLOCK);
if (!connect(s, addr, addrlen)) {
if (!getsockopt(s, SOL_SOCKET, SO_ERROR, (char*)&error, &len) && !error)
r = 0;
- exit:
+exit:
fcntl(s, F_SETFL, origflags);
return r;
}
s = -1;
if (timeout) {
- if (res && res->ai_next && timeout > 5)
+ if (addrinfo && addrinfo->ai_next && timeout > 5)
timeout = 5;
to.tv_sec = timeout;
to.tv_usec = 0;
}
-
+
for (res = addrinfo; res; res = res->ai_next) {
s = bindtoaddr(src, res->ai_family, 1, 1);
if (s < 0) {
}
return s;
}
+
+/* Local Variables: */
+/* c-file-style: "stroustrup" */
+/* End: */
projects / libradsec.git / blobdiff