/*++
/* NAME
/* sane_accept 3
/* SUMMARY
/* sanitize accept() error returns
/* SYNOPSIS
/* #include <sane_accept.h>
/*
/* int sane_accept(sock, buf, len)
/* int sock;
/* struct sockaddr *buf;
/* SOCKADDR_SIZE *len;
/* DESCRIPTION
/* sane_accept() implements the accept(2) socket call, and maps
/* known harmless error results to EAGAIN.
/*
/* If the buf and len arguments are not null, then additional
/* workarounds may be enabled that depend on the socket type.
/* BUGS
/* Bizarre systems may have other harmless error results. Such
/* systems encourage programmers to ignore error results, and
/* penalize programmers who code defensively.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include "sys_defs.h"
#include <sys/socket.h>
#include <errno.h>
/* Utility library. */
#include "msg.h"
#include "sane_accept.h"
/* sane_accept - accept(2) wrapper that folds harmless failures into EAGAIN */

int     sane_accept(int sock, struct sockaddr *sa, SOCKADDR_SIZE *len)
{

    /*
     * errno values that are reported to the caller as EAGAIN. The list is
     * terminated by 0. Any errno value that is not listed here is passed
     * through unchanged.
     */
    static int accept_ok_errors[] = {
	EAGAIN,
	ECONNREFUSED,
	ECONNRESET,
	EHOSTDOWN,
	EHOSTUNREACH,
	EINTR,
	ENETDOWN,
	ENETUNREACH,
	ENOTCONN,
	EWOULDBLOCK,
	ENOBUFS,			/* HPUX11 */
	ECONNABORTED,
#ifdef EPROTO
	EPROTO,				/* SunOS 5.5.1 */
#endif
	0,
    };
    int    *ok_err;
    int     inet_peer;
    int     fd;

    /*
     * Platform notes behind the list above:
     * 
     * XXX Solaris 2.4 accept() returns EPIPE when a UNIX-domain client has
     * disconnected in the mean time. From then on, UNIX-domain sockets are
     * hosed beyond recovery. EPIPE is therefore NOT in the list: mapping it
     * to EAGAIN would only send the program into a tight loop.
     * 
     * XXX Solaris 2.5.1 accept() returns EPROTO when a TCP client has
     * disconnected in the mean time. Since there is no connection, it is
     * safe to map the error code onto EAGAIN.
     * 
     * XXX LINUX < 2.1 accept() wakes up before the three-way handshake is
     * complete, so it can fail with ECONNRESET and other "false alarm"
     * indications.
     * 
     * XXX FreeBSD 4.2-STABLE accept() returns ECONNABORTED when a UNIX-domain
     * client has disconnected in the mean time. The data that was sent with
     * connect() write() close() is lost, even though the write() and close()
     * reported successful completion. This was fixed shortly before FreeBSD
     * 4.3.
     * 
     * XXX HP-UX 11 returns ENOBUFS when the client has disconnected in the
     * mean time.
     */
    fd = accept(sock, sa, len);
    if (fd < 0) {
	/* Failure: rewrite errno only when it matches a listed value. */
	for (ok_err = accept_ok_errors; *ok_err != 0; ok_err++) {
	    if (*ok_err == errno) {
		errno = EAGAIN;
		break;
	    }
	}
	return (fd);
    }

    /*
     * Success. The keepalive workaround below applies only when the caller
     * supplied an address buffer and the peer address family is AF_INET
     * (or AF_INET6 when HAS_IPV6 is defined).
     * 
     * XXX Solaris select() produces false read events, so that read() blocks
     * forever on a blocking socket, and fails with EAGAIN on a non-blocking
     * socket. Turning on keepalives will fix a blocking socket provided that
     * the kernel's keepalive timer expires before the Postfix watchdog
     * timer.
     * 
     * XXX Work around NAT induced damage by sending a keepalive before an idle
     * connection is expired. This requires that the kernel keepalive timer
     * is set to a short time, like 100s.
     */
    if (sa != 0) {
	inet_peer = (sa->sa_family == AF_INET);
#ifdef HAS_IPV6
	if (sa->sa_family == AF_INET6)
	    inet_peer = 1;
#endif
	if (inet_peer) {
	    int     on = 1;

	    /*
	     * Best effort: the setsockopt() result is deliberately
	     * discarded, so the accepted descriptor is returned even when
	     * keepalive could not be enabled.
	     */
	    (void) setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
			      (void *) &on, sizeof(on));
	}
    }
    return (fd);
}