author | Michael Jennings <mej@kainx.org> | 2005-12-05 20:45:58 +0000 |
---|---|---|
committer | Michael Jennings <mej@kainx.org> | 2005-12-05 20:45:58 +0000 |
commit | a4e4d0359b7215501119b647ffd0f9cf91e4fdf9 (patch) | |
tree | b67e9b3c220b715896cfe1a0bf66870e6ea603a0 | |
parent | 70d1f79258887e9b50549aca9434925d8322d0e8 (diff) | |
download | eterm-a4e4d0359b7215501119b647ffd0f9cf91e4fdf9.tar.gz |
Mon Dec 5 15:46:34 2005 Michael Jennings (mej)
Prevent firewall bounces from trying for the same port.
----------------------------------------------------------------------
SVN revision: 18847
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/libscream.c | 40 | ||||
-rw-r--r-- | src/screamcfg.h | 2 |
3 files changed, 29 insertions, 17 deletions
@@ -5437,3 +5437,7 @@ Fixed an incredibly-difficult-to-track-down missing "break" statement which caused the "New..." and Ctrl-T functionality to fail to prompt for a tab name.
 ----------------------------------------------------------------------
+Mon Dec 5 15:46:34 2005 Michael Jennings (mej)
+
+Prevent firewall bounces from trying for the same port.
+----------------------------------------------------------------------
diff --git a/src/libscream.c b/src/libscream.c
index bbf1f7e..536a4b1 100644
--- a/src/libscream.c
+++ b/src/libscream.c
@@ -39,6 +39,7 @@
 #include <limits.h> /* PATH_MAX */
 #include <ctype.h> /* isspace() */
 #include <errno.h> /* errno */
+#include <sys/socket.h>
 #include "config.h"
 #include "feature.h"
@@ -203,22 +204,29 @@ ns_new_hop(int lp, char *fw, int fp, int delay, _ns_sess * s)
 bzero(h, sizeof(_ns_hop));
 if ((h->fw = STRDUP(fw))) {
 if (!lp) {
- lp = NS_MIN_PORT; /* local port defaults to */
- if (ha) { /* NS_MIN_PORT. if that's */
- int f; /* taken, use next FREE port. */
-
- do { /* FREE as in, not used by us. */
- _ns_hop *i = ha;
-
- f = 0;
- while (i)
- if (i->localport == lp) {
- f = 1;
- lp++;
- i = NULL;
- } else
- i = i->next;
- } while (f);
+ int tmp_sock;
+
+ tmp_sock = socket(PF_INET, SOCK_STREAM, 6);
+ if (tmp_sock > 0) {
+ struct sockaddr_in addr;
+
+ addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = INADDR_LOOPBACK;
+ for (lp = NS_MIN_PORT; (lp > 0) && (lp < NS_MAX_PORT); lp++) {
+ addr.sin_port = htons(lp);
+
+ if (!bind(tmp_sock, (struct sockaddr *) &addr, sizeof(struct sockaddr_in))
+ && !listen(tmp_sock, 1)) {
+ /* We can listen on this port. Use it! */
+ /* FIXME: Minor race condition between port selection and ssh call. */
+ break;
+ }
+ }
+ if ((lp < 0) || (lp == NS_MAX_PORT)) {
+ /* We're going to fail anyway, so just throw something in. */
+ lp = (NS_MIN_PORT + random()) % NS_MAX_PORT;
+ BOUND(lp, NS_MIN_PORT, NS_MAX_PORT);
+ }
 }
 }
 h->delay = (delay ? delay : NS_TUNNEL_DELAY);
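Review bot: The added `#include <sys/socket.h>` does not by itself declare `struct sockaddr_in`, `INADDR_LOOPBACK` or `htons()`, all of which the new probe code in ns_new_hop() uses; POSIX places them in `<netinet/in.h>` and `<arpa/inet.h>`. Unless a header outside this hunk already pulls those in, add `#include <netinet/in.h>` next to it, plus `<unistd.h>` if the probe socket is to be closed.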
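Review bot: The probe in the `if (!lp)` branch of ns_new_hop() assigns `INADDR_LOOPBACK` to `addr.sin_addr.s_addr` without `htonl()`, so on little-endian hosts each `bind()` targets 1.0.0.127 instead of 127.0.0.1 and will normally fail, sending every call into the `random()` fallback. The `tmp_sock > 0` test rejects a valid descriptor 0, leaves `lp` at 0 when `socket()` fails, and nothing in the hunk closes `tmp_sock`, so the descriptor leaks and, while it keeps listening, appears to hold the very port the ssh forward is about to request. The fallback adds `NS_MIN_PORT` to an unreduced `random()` (possible signed overflow), and `BOUND` then lifts every result below `NS_MIN_PORT` up to it, which brings back the same-port collision this commit is meant to prevent. The FIXME should state the consequence of the race: another local process can take the port between probe and ssh call, so the forward has to be checked for success rather than assumed. ns_new_hop() begins and ends outside the hunk; the fence reworks only the probe.

```c
        if (!lp) {
            int found = 0;
            int tmp_sock = socket(PF_INET, SOCK_STREAM, 6);

            if (tmp_sock >= 0) {
                struct sockaddr_in addr;

                bzero(&addr, sizeof(addr));
                addr.sin_family = AF_INET;
                addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
                for (lp = NS_MIN_PORT; lp < NS_MAX_PORT; lp++) {
                    addr.sin_port = htons(lp);
                    if (!bind(tmp_sock, (struct sockaddr *) &addr, sizeof(addr))
                        && !listen(tmp_sock, 1)) {
                        found = 1;
                        break;
                    }
                }
                /* Release the probe so ssh can bind the port itself.  Another
                 * local process may still take it first; callers must verify
                 * that the forward actually came up. */
                close(tmp_sock);
            }
            if (!found) {
                /* No probe result: choose inside [NS_MIN_PORT, NS_MAX_PORT) without overflow. */
                lp = NS_MIN_PORT + (int) (random() % (NS_MAX_PORT - NS_MIN_PORT));
            }
        }
        /* … unchanged: h->delay assignment and the rest of ns_new_hop() … */
```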
diff --git a/src/screamcfg.h b/src/screamcfg.h
index b23606d..d65c89f 100644
--- a/src/screamcfg.h
+++ b/src/screamcfg.h
@@ -54,7 +54,7 @@
 #define NS_SCREEN_PRVS_REG "\x01:focus up\r"
 #define NS_DFLT_SSH_PORT 22
-#define NS_MIN_PORT 1025
+#define NS_MIN_PORT 47323
 #define NS_MAX_PORT 65535
 #define NS_MAX_DISPS 512 |
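Review bot: The new `NS_MIN_PORT` value 47323 is an unexplained magic number, and the range it opens up to `NS_MAX_PORT` overlaps the default ephemeral port range on common systems, so ordinary outgoing connections can occupy a port between the probe in ns_new_hop() and the ssh call. A comment recording why this floor was chosen would help, for example `#define NS_MIN_PORT 47323 /* first local port probed for tunnels; see ns_new_hop() */`. The probe loop in libscream.c also stops at `lp < NS_MAX_PORT`, so port 65535 itself is never tried; say in the comment whether the upper bound is meant to be exclusive.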