authorMichael Jennings <mej@kainx.org>2005-12-05 20:45:58 +0000
committerMichael Jennings <mej@kainx.org>2005-12-05 20:45:58 +0000
commita4e4d0359b7215501119b647ffd0f9cf91e4fdf9 (patch)
treeb67e9b3c220b715896cfe1a0bf66870e6ea603a0
parent70d1f79258887e9b50549aca9434925d8322d0e8 (diff)
downloadeterm-a4e4d0359b7215501119b647ffd0f9cf91e4fdf9.tar.gz
Mon Dec 5 15:46:34 2005 Michael Jennings (mej)
Prevent firewall bounces from trying for the same port. ---------------------------------------------------------------------- SVN revision: 18847
-rw-r--r--ChangeLog4
-rw-r--r--src/libscream.c40
-rw-r--r--src/screamcfg.h2
3 files changed, 29 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index dd19cab..a7a3ac9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5437,3 +5437,7 @@ Fixed an incredibly-difficult-to-track-down missing "break" statement
which caused the "New..." and Ctrl-T functionality to fail to prompt
for a tab name.
----------------------------------------------------------------------
+Mon Dec 5 15:46:34 2005 Michael Jennings (mej)
+
+Prevent firewall bounces from trying for the same port.
+----------------------------------------------------------------------
diff --git a/src/libscream.c b/src/libscream.c
index bbf1f7e..536a4b1 100644
--- a/src/libscream.c
+++ b/src/libscream.c
@@ -39,6 +39,7 @@
#include <limits.h> /* PATH_MAX */
#include <ctype.h> /* isspace() */
#include <errno.h> /* errno */
+#include <sys/socket.h>
#include "config.h"
#include "feature.h"
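Review bot: `<sys/socket.h>` alone does not declare everything the new port probe in ns_new_hop uses: `struct sockaddr_in`, `INADDR_LOOPBACK` and `htons()` come from `<netinet/in.h>` (with `<arpa/inet.h>` on some systems). Unless one of the project headers included below already pulls these in, which is not visible here, add `#include <netinet/in.h>` next to this line so the build does not depend on an indirect include.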
@@ -203,22 +204,29 @@ ns_new_hop(int lp, char *fw, int fp, int delay, _ns_sess * s)
bzero(h, sizeof(_ns_hop));
if ((h->fw = STRDUP(fw))) {
if (!lp) {
- lp = NS_MIN_PORT; /* local port defaults to */
- if (ha) { /* NS_MIN_PORT. if that's */
- int f; /* taken, use next FREE port. */
-
- do { /* FREE as in, not used by us. */
- _ns_hop *i = ha;
-
- f = 0;
- while (i)
- if (i->localport == lp) {
- f = 1;
- lp++;
- i = NULL;
- } else
- i = i->next;
- } while (f);
+ int tmp_sock;
+
+ tmp_sock = socket(PF_INET, SOCK_STREAM, 6);
+ if (tmp_sock > 0) {
+ struct sockaddr_in addr;
+
+ addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = INADDR_LOOPBACK;
+ for (lp = NS_MIN_PORT; (lp > 0) && (lp < NS_MAX_PORT); lp++) {
+ addr.sin_port = htons(lp);
+
+ if (!bind(tmp_sock, (struct sockaddr *) &addr, sizeof(struct sockaddr_in))
+ && !listen(tmp_sock, 1)) {
+ /* We can listen on this port. Use it! */
+ /* FIXME: Minor race condition between port selection and ssh call. */
+ break;
+ }
+ }
+ if ((lp < 0) || (lp == NS_MAX_PORT)) {
+ /* We're going to fail anyway, so just throw something in. */
+ lp = (NS_MIN_PORT + random()) % NS_MAX_PORT;
+ BOUND(lp, NS_MIN_PORT, NS_MAX_PORT);
+ }
}
}
h->delay = (delay ? delay : NS_TUNNEL_DELAY);
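Review bot: The probe socket opened in the `if (!lp)` branch is never closed, so after a successful `bind()`/`listen()` this process keeps holding the port it just selected and leaks one descriptor per call; whatever is later asked to forward from that port will presumably find it in use. Three smaller problems sit in the same lines: `INADDR_LOOPBACK` is in host byte order and needs `htonl()` (on little-endian hosts the bind targets a non-local address and normally fails, so the random fallback is always taken), `tmp_sock > 0` rejects the valid descriptor 0, and when `socket()` fails `lp` now stays 0 where the old code defaulted to `NS_MIN_PORT`. Once the socket is closed, the race named in the FIXME becomes real: on a multi-user host another local process can claim the port between the probe and the ssh start, so the forwarding step should treat a failed local bind as an error instead of connecting to whatever is listening there. ns_new_hop starts and ends outside the hunk, and `close()` needs `<unistd.h>` if the file does not already include it.

```c
        if (!lp) {
            int tmp_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

            lp = NS_MIN_PORT;   /* default kept when no probe socket is available */
            if (tmp_sock >= 0) {
                struct sockaddr_in addr;

                bzero(&addr, sizeof(addr));     /* sin_zero must not carry stack garbage */
                addr.sin_family = AF_INET;
                addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
                /* … unchanged: for loop over ports with the bind()/listen() test … */
                close(tmp_sock);    /* release the port and the descriptor */
                /* … unchanged: random fallback when no port was found … */
            }
        }
```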
diff --git a/src/screamcfg.h b/src/screamcfg.h
index b23606d..d65c89f 100644
--- a/src/screamcfg.h
+++ b/src/screamcfg.h
@@ -54,7 +54,7 @@
#define NS_SCREEN_PRVS_REG "\x01:focus up\r"
#define NS_DFLT_SSH_PORT 22
-#define NS_MIN_PORT 1025
+#define NS_MIN_PORT 47323
#define NS_MAX_PORT 65535
#define NS_MAX_DISPS 512
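Review bot: The new `NS_MIN_PORT` value 47323 is unexplained, and it lies inside the range many kernels use for ephemeral source ports (Linux typically 32768–60999), so a port that was probed as free can be taken by an unrelated outgoing connection shortly afterwards. A comment on the define, for example `/* lowest local port probed for tunnel forwards */`, plus a line on why 1025 was abandoned, would let the next maintainer judge whether the value can be moved. It is also worth checking whether anything else relies on `NS_MIN_PORT` still being a low port; no other user is visible in this diff.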