summaryrefslogtreecommitdiffstats
path: root/libnetdata/socket
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2022-11-30 18:47:05 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2022-11-30 18:47:05 +0000
commit97e01009d69b8fbebfebf68f51e3d126d0ed43fc (patch)
tree02e8b836c3a9d89806f3e67d4a5fe9f52dbb0061 /libnetdata/socket
parentReleasing debian version 1.36.1-1. (diff)
downloadnetdata-97e01009d69b8fbebfebf68f51e3d126d0ed43fc.tar.xz
netdata-97e01009d69b8fbebfebf68f51e3d126d0ed43fc.zip
Merging upstream version 1.37.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libnetdata/socket')
-rw-r--r--libnetdata/socket/security.c76
-rw-r--r--libnetdata/socket/security.h16
-rw-r--r--libnetdata/socket/socket.c169
-rw-r--r--libnetdata/socket/socket.h78
4 files changed, 221 insertions, 118 deletions
diff --git a/libnetdata/socket/security.c b/libnetdata/socket/security.c
index 6ac512de..f7b44049 100644
--- a/libnetdata/socket/security.c
+++ b/libnetdata/socket/security.c
@@ -2,14 +2,14 @@
#ifdef ENABLE_HTTPS
-SSL_CTX *netdata_exporting_ctx=NULL;
-SSL_CTX *netdata_client_ctx=NULL;
-SSL_CTX *netdata_srv_ctx=NULL;
-const char *security_key=NULL;
-const char *security_cert=NULL;
+SSL_CTX *netdata_ssl_exporting_ctx =NULL;
+SSL_CTX *netdata_ssl_client_ctx =NULL;
+SSL_CTX *netdata_ssl_srv_ctx =NULL;
+const char *netdata_ssl_security_key =NULL;
+const char *netdata_ssl_security_cert =NULL;
const char *tls_version=NULL;
const char *tls_ciphers=NULL;
-int netdata_validate_server = NETDATA_SSL_VALID_CERTIFICATE;
+int netdata_ssl_validate_server = NETDATA_SSL_VALID_CERTIFICATE;
/**
* Info Callback
@@ -161,7 +161,7 @@ static SSL_CTX * security_initialize_openssl_server() {
return NULL;
}
- SSL_CTX_use_certificate_file(ctx, security_cert, SSL_FILETYPE_PEM);
+ SSL_CTX_use_certificate_file(ctx, netdata_ssl_security_cert, SSL_FILETYPE_PEM);
#else
ctx = SSL_CTX_new(TLS_server_method());
if (!ctx) {
@@ -169,11 +169,11 @@ static SSL_CTX * security_initialize_openssl_server() {
return NULL;
}
- SSL_CTX_use_certificate_chain_file(ctx, security_cert);
+ SSL_CTX_use_certificate_chain_file(ctx, netdata_ssl_security_cert);
#endif
security_openssl_common_options(ctx, 0);
- SSL_CTX_use_PrivateKey_file(ctx,security_key,SSL_FILETYPE_PEM);
+ SSL_CTX_use_PrivateKey_file(ctx, netdata_ssl_security_key,SSL_FILETYPE_PEM);
if (!SSL_CTX_check_private_key(ctx)) {
ERR_error_string_n(ERR_get_error(),lerror,sizeof(lerror));
@@ -207,24 +207,25 @@ void security_start_ssl(int selector) {
switch (selector) {
case NETDATA_SSL_CONTEXT_SERVER: {
struct stat statbuf;
- if (stat(security_key, &statbuf) || stat(security_cert, &statbuf)) {
+ if (stat(netdata_ssl_security_key, &statbuf) || stat(netdata_ssl_security_cert, &statbuf)) {
info("To use encryption it is necessary to set \"ssl certificate\" and \"ssl key\" in [web] !\n");
return;
}
- netdata_srv_ctx = security_initialize_openssl_server();
- SSL_CTX_set_mode(netdata_srv_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ netdata_ssl_srv_ctx = security_initialize_openssl_server();
+ SSL_CTX_set_mode(netdata_ssl_srv_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
break;
}
case NETDATA_SSL_CONTEXT_STREAMING: {
- netdata_client_ctx = security_initialize_openssl_client();
+ netdata_ssl_client_ctx = security_initialize_openssl_client();
//This is necessary for the stream, because it is working sometimes with nonblock socket.
//It returns the bitmask after to change, there is not any description of errors in the documentation
- SSL_CTX_set_mode(netdata_client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |SSL_MODE_AUTO_RETRY);
+ SSL_CTX_set_mode(
+ netdata_ssl_client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |SSL_MODE_AUTO_RETRY);
break;
}
case NETDATA_SSL_CONTEXT_EXPORTING: {
- netdata_exporting_ctx = security_initialize_openssl_client();
+ netdata_ssl_exporting_ctx = security_initialize_openssl_client();
break;
}
}
@@ -237,16 +238,16 @@ void security_start_ssl(int selector) {
*/
void security_clean_openssl()
{
- if (netdata_srv_ctx) {
- SSL_CTX_free(netdata_srv_ctx);
+ if (netdata_ssl_srv_ctx) {
+ SSL_CTX_free(netdata_ssl_srv_ctx);
}
- if (netdata_client_ctx) {
- SSL_CTX_free(netdata_client_ctx);
+ if (netdata_ssl_client_ctx) {
+ SSL_CTX_free(netdata_ssl_client_ctx);
}
- if (netdata_exporting_ctx) {
- SSL_CTX_free(netdata_exporting_ctx);
+ if (netdata_ssl_exporting_ctx) {
+ SSL_CTX_free(netdata_ssl_exporting_ctx);
}
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110
@@ -355,32 +356,23 @@ int security_test_certificate(SSL *ssl) {
*
* @return It returns 0 on success and -1 otherwise.
*/
-int security_location_for_context(SSL_CTX *ctx, char *file, char *path) {
- struct stat statbuf;
- if (stat(file, &statbuf)) {
- info("Netdata does not have the parent's SSL certificate, so it will use the default OpenSSL configuration to validate certificates!");
- return 0;
- }
-
- ERR_clear_error();
- u_long err;
- char buf[256];
- if(!SSL_CTX_load_verify_locations(ctx, file, path)) {
- goto slfc;
+int ssl_security_location_for_context(SSL_CTX *ctx, char *file, char *path) {
+ int load_custom = 1, load_default = 1;
+ if (file || path) {
+ if(!SSL_CTX_load_verify_locations(ctx, file, path)) {
+ info("Netdata can not verify custom CAfile or CApath for parent's SSL certificate, so it will use the default OpenSSL configuration to validate certificates!");
+ load_custom = 0;
+ }
}
if(!SSL_CTX_set_default_verify_paths(ctx)) {
- goto slfc;
+ info("Can not verify default OpenSSL configuration to validate certificates!");
+ load_default = 0;
}
- return 0;
+ if (load_custom == 0 && load_default == 0)
+ return -1;
-slfc:
- while ((err = ERR_get_error()) != 0) {
- ERR_error_string_n(err, buf, sizeof(buf));
- error("Cannot set the directory for the certificates and the parent SSL certificate: %s",buf);
- }
- return -1;
+ return 0;
}
-
#endif
diff --git a/libnetdata/socket/security.h b/libnetdata/socket/security.h
index dbf71a6f..ae7c595e 100644
--- a/libnetdata/socket/security.h
+++ b/libnetdata/socket/security.h
@@ -37,20 +37,20 @@
#include <openssl/decoder.h>
#endif
-struct netdata_ssl{
+struct netdata_ssl {
SSL *conn; //SSL connection
uint32_t flags; //The flags for SSL connection
};
-extern SSL_CTX *netdata_exporting_ctx;
-extern SSL_CTX *netdata_client_ctx;
-extern SSL_CTX *netdata_srv_ctx;
-extern const char *security_key;
-extern const char *security_cert;
+extern SSL_CTX *netdata_ssl_exporting_ctx;
+extern SSL_CTX *netdata_ssl_client_ctx;
+extern SSL_CTX *netdata_ssl_srv_ctx;
+extern const char *netdata_ssl_security_key;
+extern const char *netdata_ssl_security_cert;
extern const char *tls_version;
extern const char *tls_ciphers;
-extern int netdata_validate_server;
-extern int security_location_for_context(SSL_CTX *ctx,char *file,char *path);
+extern int netdata_ssl_validate_server;
+int ssl_security_location_for_context(SSL_CTX *ctx,char *file,char *path);
void security_openssl_library();
void security_clean_openssl();
diff --git a/libnetdata/socket/socket.c b/libnetdata/socket/socket.c
index df6d3148..40271b62 100644
--- a/libnetdata/socket/socket.c
+++ b/libnetdata/socket/socket.c
@@ -779,6 +779,10 @@ int connect_to_this(const char *definition, int default_port, struct timeval *ti
char *path = host + 5;
return connect_to_unix(path, timeout);
}
+ else if(*host == '/') {
+ char *path = host;
+ return connect_to_unix(path, timeout);
+ }
char *e = host;
if(*e == '[') {
@@ -826,43 +830,141 @@ int connect_to_this(const char *definition, int default_port, struct timeval *ti
return connect_to_this_ip46(protocol, socktype, host, scope_id, service, timeout);
}
-int connect_to_one_of(const char *destination, int default_port, struct timeval *timeout, size_t *reconnects_counter, char *connected_to, size_t connected_to_size) {
- int sock = -1;
-
+void foreach_entry_in_connection_string(const char *destination, bool (*callback)(char *entry, void *data), void *data) {
const char *s = destination;
while(*s) {
const char *e = s;
- // skip path, moving both s(tart) and e(nd)
- if(*e == '/')
- while(!isspace(*e) && *e != ',') s = ++e;
-
// skip separators, moving both s(tart) and e(nd)
while(isspace(*e) || *e == ',') s = ++e;
// move e(nd) to the first separator
- while(*e && !isspace(*e) && *e != ',' && *e != '/') e++;
+ while(*e && !isspace(*e) && *e != ',') e++;
// is there anything?
if(!*s || s == e) break;
char buf[e - s + 1];
strncpyz(buf, s, e - s);
- if(reconnects_counter) *reconnects_counter += 1;
- sock = connect_to_this(buf, default_port, timeout);
- if(sock != -1) {
- if(connected_to && connected_to_size) {
- strncpy(connected_to, buf, connected_to_size);
- connected_to[connected_to_size - 1] = '\0';
- }
- break;
- }
+
+ if(callback(buf, data)) break;
+
s = e;
}
+}
- return sock;
+struct connect_to_one_of_data {
+ int default_port;
+ struct timeval *timeout;
+ size_t *reconnects_counter;
+ char *connected_to;
+ size_t connected_to_size;
+ int sock;
+};
+
+static bool connect_to_one_of_callback(char *entry, void *data) {
+ struct connect_to_one_of_data *t = data;
+
+ if(t->reconnects_counter)
+ t->reconnects_counter++;
+
+ t->sock = connect_to_this(entry, t->default_port, t->timeout);
+ if(t->sock != -1) {
+ if(t->connected_to && t->connected_to_size) {
+ strncpyz(t->connected_to, entry, t->connected_to_size);
+ t->connected_to[t->connected_to_size - 1] = '\0';
+ }
+
+ return true;
+ }
+
+ return false;
+}
+
+int connect_to_one_of(const char *destination, int default_port, struct timeval *timeout, size_t *reconnects_counter, char *connected_to, size_t connected_to_size) {
+ struct connect_to_one_of_data t = {
+ .default_port = default_port,
+ .timeout = timeout,
+ .reconnects_counter = reconnects_counter,
+ .connected_to = connected_to,
+ .connected_to_size = connected_to_size,
+ .sock = -1,
+ };
+
+ foreach_entry_in_connection_string(destination, connect_to_one_of_callback, &t);
+
+ return t.sock;
+}
+
+static bool connect_to_one_of_urls_callback(char *entry, void *data) {
+ char *s = strchr(entry, '/');
+ if(s) *s = '\0';
+
+ return connect_to_one_of_callback(entry, data);
}
+int connect_to_one_of_urls(const char *destination, int default_port, struct timeval *timeout, size_t *reconnects_counter, char *connected_to, size_t connected_to_size) {
+ struct connect_to_one_of_data t = {
+ .default_port = default_port,
+ .timeout = timeout,
+ .reconnects_counter = reconnects_counter,
+ .connected_to = connected_to,
+ .connected_to_size = connected_to_size,
+ .sock = -1,
+ };
+
+ foreach_entry_in_connection_string(destination, connect_to_one_of_urls_callback, &t);
+
+ return t.sock;
+}
+
+
+#ifdef ENABLE_HTTPS
+ssize_t netdata_ssl_read(SSL *ssl, void *buf, size_t num) {
+ error_limit_static_thread_var(erl, 1, 0);
+
+ int bytes, err, retries = 0;
+
+ //do {
+ bytes = SSL_read(ssl, buf, (int)num);
+ err = SSL_get_error(ssl, bytes);
+ retries++;
+ //} while (bytes <= 0 && (err == SSL_ERROR_WANT_READ));
+
+ if(unlikely(bytes <= 0))
+ error("SSL_read() returned %d bytes, SSL error %d", bytes, err);
+
+ if(retries > 1)
+ error_limit(&erl, "SSL_read() retried %d times", retries);
+
+ return bytes;
+}
+
+ssize_t netdata_ssl_write(SSL *ssl, const void *buf, size_t num) {
+ error_limit_static_thread_var(erl, 1, 0);
+
+ int bytes, err, retries = 0;
+ size_t total = 0;
+
+ //do {
+ bytes = SSL_write(ssl, (uint8_t *)buf + total, (int)(num - total));
+ err = SSL_get_error(ssl, bytes);
+ retries++;
+
+ if(bytes > 0)
+ total += bytes;
+
+ //} while ((bytes <= 0 && (err == SSL_ERROR_WANT_WRITE)) || (bytes > 0 && total < num));
+
+ if(unlikely(bytes <= 0))
+ error("SSL_write() returned %d bytes, SSL error %d", bytes, err);
+
+ if(retries > 1)
+ error_limit(&erl, "SSL_write() retried %d times", retries);
+
+ return bytes;
+}
+#endif
// --------------------------------------------------------------------------------------------------------------------
// helpers to send/receive data in one call, in blocking mode, with a timeout
@@ -901,12 +1003,10 @@ ssize_t recv_timeout(int sockfd, void *buf, size_t len, int flags, int timeout)
}
#ifdef ENABLE_HTTPS
- if (ssl->conn) {
- if (!ssl->flags) {
- return SSL_read(ssl->conn,buf,len);
- }
- }
+ if (ssl->conn && ssl->flags == NETDATA_SSL_HANDSHAKE_COMPLETE)
+ return netdata_ssl_read(ssl->conn, buf, len);
#endif
+
return recv(sockfd, buf, len, flags);
}
@@ -945,8 +1045,12 @@ ssize_t send_timeout(int sockfd, void *buf, size_t len, int flags, int timeout)
#ifdef ENABLE_HTTPS
if(ssl->conn) {
- if (!ssl->flags) {
- return SSL_write(ssl->conn, buf, len);
+ if (ssl->flags == NETDATA_SSL_HANDSHAKE_COMPLETE) {
+ return netdata_ssl_write(ssl->conn, buf, len);
+ }
+ else {
+ error("cannot write to SSL connection - connection is not ready.");
+ return -1;
}
}
#endif
@@ -1087,12 +1191,11 @@ int accept_socket(int fd, int flags, char *client_ip, size_t ipsize, char *clien
if (getnameinfo((struct sockaddr *)&sadr, addrlen, client_ip, (socklen_t)ipsize,
client_port, (socklen_t)portsize, NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
error("LISTENER: cannot getnameinfo() on received client connection.");
- strncpyz(client_ip, "UNKNOWN", ipsize - 1);
- strncpyz(client_port, "UNKNOWN", portsize - 1);
+ strncpyz(client_ip, "UNKNOWN", ipsize);
+ strncpyz(client_port, "UNKNOWN", portsize);
}
if (!strcmp(client_ip, "127.0.0.1") || !strcmp(client_ip, "::1")) {
- strncpy(client_ip, "localhost", ipsize);
- client_ip[ipsize - 1] = '\0';
+ strncpyz(client_ip, "localhost", ipsize);
}
#ifdef __FreeBSD__
@@ -1107,8 +1210,7 @@ int accept_socket(int fd, int flags, char *client_ip, size_t ipsize, char *clien
case AF_UNIX:
debug(D_LISTENER, "New UNIX domain web client from %s on socket %d.", client_ip, fd);
// set the port - certain versions of libc return garbage on unix sockets
- strncpy(client_port, "UNIX", portsize);
- client_port[portsize - 1] = '\0';
+ strncpyz(client_port, "UNIX", portsize);
break;
case AF_INET:
@@ -1490,8 +1592,9 @@ static int poll_process_new_tcp_connection(POLLJOB *p, POLLINFO *pi, struct poll
debug(D_POLLFD, "POLLFD: LISTENER: accept4() slot %zu (fd %d) failed.", pi->slot, pf->fd);
if(unlikely(errno == EMFILE)) {
- error("POLLFD: LISTENER: too many open files - sleeping for 1ms - used by this thread %zu, max for this thread %zu", p->used, p->limit);
- usleep(1000); // 1ms
+ error_limit_static_global_var(erl, 10, 1000);
+ error_limit(&erl, "POLLFD: LISTENER: too many open files - used by this thread %zu, max for this thread %zu",
+ p->used, p->limit);
}
else if(unlikely(errno != EWOULDBLOCK && errno != EAGAIN))
error("POLLFD: LISTENER: accept() failed.");
diff --git a/libnetdata/socket/socket.h b/libnetdata/socket/socket.h
index a40d801d..28232427 100644
--- a/libnetdata/socket/socket.h
+++ b/libnetdata/socket/socket.h
@@ -10,19 +10,22 @@
#endif
typedef enum web_client_acl {
- WEB_CLIENT_ACL_NONE = 0,
- WEB_CLIENT_ACL_NOCHECK = 0,
- WEB_CLIENT_ACL_DASHBOARD = 1 << 0,
- WEB_CLIENT_ACL_REGISTRY = 1 << 1,
- WEB_CLIENT_ACL_BADGE = 1 << 2,
- WEB_CLIENT_ACL_MGMT = 1 << 3,
- WEB_CLIENT_ACL_STREAMING = 1 << 4,
- WEB_CLIENT_ACL_NETDATACONF = 1 << 5,
+ WEB_CLIENT_ACL_NONE = 0,
+ WEB_CLIENT_ACL_NOCHECK = 0,
+ WEB_CLIENT_ACL_DASHBOARD = 1 << 0,
+ WEB_CLIENT_ACL_REGISTRY = 1 << 1,
+ WEB_CLIENT_ACL_BADGE = 1 << 2,
+ WEB_CLIENT_ACL_MGMT = 1 << 3,
+ WEB_CLIENT_ACL_STREAMING = 1 << 4,
+ WEB_CLIENT_ACL_NETDATACONF = 1 << 5,
WEB_CLIENT_ACL_SSL_OPTIONAL = 1 << 6,
- WEB_CLIENT_ACL_SSL_FORCE = 1 << 7,
- WEB_CLIENT_ACL_SSL_DEFAULT = 1 << 8
+ WEB_CLIENT_ACL_SSL_FORCE = 1 << 7,
+ WEB_CLIENT_ACL_SSL_DEFAULT = 1 << 8,
+ WEB_CLIENT_ACL_ACLK = 1 << 9,
} WEB_CLIENT_ACL;
+#define WEB_CLIENT_ACL_ALL 0xFFFF
+
#define web_client_can_access_dashboard(w) ((w)->acl & WEB_CLIENT_ACL_DASHBOARD)
#define web_client_can_access_registry(w) ((w)->acl & WEB_CLIENT_ACL_REGISTRY)
#define web_client_can_access_badges(w) ((w)->acl & WEB_CLIENT_ACL_BADGE)
@@ -49,37 +52,42 @@ typedef struct listen_sockets {
WEB_CLIENT_ACL fds_acl_flags[MAX_LISTEN_FDS]; // the acl to apply to the open sockets (dashboard, badges, streaming, netdata.conf, management)
} LISTEN_SOCKETS;
-extern char *strdup_client_description(int family, const char *protocol, const char *ip, uint16_t port);
+char *strdup_client_description(int family, const char *protocol, const char *ip, uint16_t port);
-extern int listen_sockets_setup(LISTEN_SOCKETS *sockets);
-extern void listen_sockets_close(LISTEN_SOCKETS *sockets);
+int listen_sockets_setup(LISTEN_SOCKETS *sockets);
+void listen_sockets_close(LISTEN_SOCKETS *sockets);
-extern int connect_to_this(const char *definition, int default_port, struct timeval *timeout);
-extern int connect_to_one_of(const char *destination, int default_port, struct timeval *timeout, size_t *reconnects_counter, char *connected_to, size_t connected_to_size);
+void foreach_entry_in_connection_string(const char *destination, bool (*callback)(char *entry, void *data), void *data);
int connect_to_this_ip46(int protocol, int socktype, const char *host, uint32_t scope_id, const char *service, struct timeval *timeout);
+int connect_to_this(const char *definition, int default_port, struct timeval *timeout);
+int connect_to_one_of(const char *destination, int default_port, struct timeval *timeout, size_t *reconnects_counter, char *connected_to, size_t connected_to_size);
+int connect_to_one_of_urls(const char *destination, int default_port, struct timeval *timeout, size_t *reconnects_counter, char *connected_to, size_t connected_to_size);
+
#ifdef ENABLE_HTTPS
-extern ssize_t recv_timeout(struct netdata_ssl *ssl,int sockfd, void *buf, size_t len, int flags, int timeout);
-extern ssize_t send_timeout(struct netdata_ssl *ssl,int sockfd, void *buf, size_t len, int flags, int timeout);
+ssize_t recv_timeout(struct netdata_ssl *ssl,int sockfd, void *buf, size_t len, int flags, int timeout);
+ssize_t send_timeout(struct netdata_ssl *ssl,int sockfd, void *buf, size_t len, int flags, int timeout);
+ssize_t netdata_ssl_read(SSL *ssl, void *buf, size_t num);
+ssize_t netdata_ssl_write(SSL *ssl, const void *buf, size_t num);
#else
-extern ssize_t recv_timeout(int sockfd, void *buf, size_t len, int flags, int timeout);
-extern ssize_t send_timeout(int sockfd, void *buf, size_t len, int flags, int timeout);
+ssize_t recv_timeout(int sockfd, void *buf, size_t len, int flags, int timeout);
+ssize_t send_timeout(int sockfd, void *buf, size_t len, int flags, int timeout);
#endif
-extern int sock_setnonblock(int fd);
-extern int sock_delnonblock(int fd);
-extern int sock_setreuse(int fd, int reuse);
-extern int sock_setreuse_port(int fd, int reuse);
-extern int sock_enlarge_in(int fd);
-extern int sock_enlarge_out(int fd);
+int sock_setnonblock(int fd);
+int sock_delnonblock(int fd);
+int sock_setreuse(int fd, int reuse);
+int sock_setreuse_port(int fd, int reuse);
+int sock_enlarge_in(int fd);
+int sock_enlarge_out(int fd);
-extern int connection_allowed(int fd, char *client_ip, char *client_host, size_t hostsize,
+int connection_allowed(int fd, char *client_ip, char *client_host, size_t hostsize,
SIMPLE_PATTERN *access_list, const char *patname, int allow_dns);
-extern int accept_socket(int fd, int flags, char *client_ip, size_t ipsize, char *client_port, size_t portsize,
+int accept_socket(int fd, int flags, char *client_ip, size_t ipsize, char *client_port, size_t portsize,
char *client_host, size_t hostsize, SIMPLE_PATTERN *access_list, int allow_dns);
#ifndef HAVE_ACCEPT4
-extern int accept4(int sock, struct sockaddr *addr, socklen_t *addrlen, int flags);
+int accept4(int sock, struct sockaddr *addr, socklen_t *addrlen, int flags);
#ifndef SOCK_NONBLOCK
#define SOCK_NONBLOCK 00004000
@@ -167,12 +175,12 @@ struct poll {
#define pollinfo_from_slot(p, slot) (&((p)->inf[(slot)]))
-extern int poll_default_snd_callback(POLLINFO *pi, short int *events);
-extern int poll_default_rcv_callback(POLLINFO *pi, short int *events);
-extern void poll_default_del_callback(POLLINFO *pi);
-extern void *poll_default_add_callback(POLLINFO *pi, short int *events, void *data);
+int poll_default_snd_callback(POLLINFO *pi, short int *events);
+int poll_default_rcv_callback(POLLINFO *pi, short int *events);
+void poll_default_del_callback(POLLINFO *pi);
+void *poll_default_add_callback(POLLINFO *pi, short int *events, void *data);
-extern POLLINFO *poll_add_fd(POLLJOB *p
+POLLINFO *poll_add_fd(POLLJOB *p
, int fd
, int socktype
, WEB_CLIENT_ACL port_acl
@@ -186,9 +194,9 @@ extern POLLINFO *poll_add_fd(POLLJOB *p
, int (*snd_callback)(POLLINFO *pi, short int *events)
, void *data
);
-extern void poll_close_fd(POLLINFO *pi);
+void poll_close_fd(POLLINFO *pi);
-extern void poll_events(LISTEN_SOCKETS *sockets
+void poll_events(LISTEN_SOCKETS *sockets
, void *(*add_callback)(POLLINFO *pi, short int *events, void *data)
, void (*del_callback)(POLLINFO *pi)
, int (*rcv_callback)(POLLINFO *pi, short int *events)