diff --git a/ext/lwipopts.h b/ext/lwipopts.h index 4f867e71c..e7b78a8fc 100644 --- a/ext/lwipopts.h +++ b/ext/lwipopts.h @@ -130,7 +130,7 @@ * MEMP_NUM_RAW_PCB: Number of raw connection PCBs * (requires the LWIP_RAW option) */ -#define MEMP_NUM_RAW_PCB 1 +#define MEMP_NUM_RAW_PCB 128 /** * MEMP_NUM_UDP_PCB: the number of UDP protocol control blocks. One diff --git a/netcon/NetconEthernetTap.cpp b/netcon/NetconEthernetTap.cpp index 824f1734a..11c877cc0 100644 --- a/netcon/NetconEthernetTap.cpp +++ b/netcon/NetconEthernetTap.cpp @@ -520,8 +520,12 @@ err_t NetconEthernetTap::nc_accept(void *arg, struct tcp_pcb *newpcb, err_t err) if(conn) { ZT_PHY_SOCKFD_TYPE fds[2]; - socketpair(PF_LOCAL, SOCK_STREAM, 0, fds); - + if(socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) < 0) { + if(errno < 0) { + l->tap->send_return_value(conn, -1, errno); + return ERR_MEM; + } + } TcpConnection *new_tcp_conn = new TcpConnection(); new_tcp_conn->dataSock = tap->_phy.wrapSocket(fds[0], new_tcp_conn); new_tcp_conn->rpcSock = conn->rpcSock; @@ -916,7 +920,12 @@ void NetconEthernetTap::handle_socket(PhySocket *sock, void **uptr, struct socke struct tcp_pcb *newpcb = lwipstack->tcp_new(); if(newpcb != NULL) { ZT_PHY_SOCKFD_TYPE fds[2]; - socketpair(PF_LOCAL, SOCK_STREAM, 0, fds); + if(socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) < 0) { + if(errno < 0) { + send_return_value(_phy.getDescriptor(sock), -1, errno); + return; + } + } TcpConnection *new_conn = new TcpConnection(); new_conn->dataSock = _phy.wrapSocket(fds[0], new_conn); *uptr = new_conn; 
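Review bot: The inner `if(errno < 0)` in nc_accept can never be true because errno values are positive, so a failed socketpair() still falls through to `tap->_phy.wrapSocket(fds[0], new_tcp_conn)` with `fds` uninitialized. Descriptor exhaustion is a likely cause of that failure, so the path is reachable under connection load and would wrap whatever integer happens to be on the stack. Drop the inner test so the error path runs whenever the call fails: `if(socketpair(PF_LOCAL, SOCK_STREAM, 0, fds) < 0) { l->tap->send_return_value(conn, -1, errno); return ERR_MEM; }`. The handle_socket hunk below has the same never-true guard and needs the same change. `l` is not declared in the visible lines while the next lines use `tap` directly, so confirm which name is in scope; nc_accept starts and ends outside the hunk.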
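Review bot: The early `return;` added in handle_socket exits without releasing `newpcb`, which was just obtained from `lwipstack->tcp_new()`. Today that return is unreachable because of the `errno < 0` guard, but once the guard is corrected every failed socketpair() would leak one PCB from lwIP's fixed-size pool. Release the PCB through the stack wrapper's close or abort call before returning, and add a short comment such as `/* no fds available: report errno to the client and free the pcb */`. The enclosing `if(newpcb != NULL)` block continues outside the hunk.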
@@ -950,7 +959,7 @@ void NetconEthernetTap::handle_socket(PhySocket *sock, void **uptr, struct socke [i] EACCES - For UNIX domain sockets, which are identified by pathname: Write permission is denied ... [ ] EACCES, EPERM - The user tried to connect to a broadcast address without having the socket broadcast flag enabled ... [i] EADDRINUSE - Local address is already in use. - [i] EAFNOSUPPORT - The passed address didn't have the correct address family in its sa_family field. + [?] EAFNOSUPPORT - The passed address didn't have the correct address family in its sa_family field. [ ] EAGAIN - No more free local ports or insufficient entries in the routing cache. [ ] EALREADY - The socket is nonblocking and a previous connection attempt has not yet been completed. [ ] EBADF - The file descriptor is not a valid index in the descriptor table. diff --git a/netcon/intercept.c b/netcon/intercept.c index 41ad804c8..a2d6e31a4 100755 --- a/netcon/intercept.c +++ b/netcon/intercept.c @@ -515,15 +515,16 @@ void sock_domain_to_str(int domain) int socket(SOCKET_SIG) { #ifdef CHECKS + /* Check that type makes sense */ + int flags = socket_type & ~SOCK_TYPE_MASK; + if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK)) + return -EINVAL; + socket_type &= SOCK_TYPE_MASK; /* Check protocol is in range */ if (socket_family < 0 || socket_family >= NPROTO) return -EAFNOSUPPORT; if (socket_type < 0 || socket_type >= SOCK_MAX) return -EINVAL; - /* Check that type makes sense */ - int flags = socket_type & ~SOCK_TYPE_MASK; - if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK)) - return -EINVAL; #endif #ifdef DUMMY 
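Review bot: `socket_type &= SOCK_TYPE_MASK;` sits inside `#ifdef CHECKS`, so CHECKS builds strip SOCK_CLOEXEC and SOCK_NONBLOCK from `socket_type` for the rest of socket() while other builds keep them. If the code after `#endif` (outside this hunk) forwards `socket_type`, a caller's close-on-exec request is silently dropped in CHECKS builds and the descriptor can be inherited across exec. Keep the argument intact and range-check a masked copy instead: `int type = socket_type & SOCK_TYPE_MASK;` followed by `if (type < 0 || type >= SOCK_MAX) return -EINVAL;`. Separately, these checks return `-EINVAL` and `-EAFNOSUPPORT`, whereas callers of an intercepted libc socket() expect -1 with errno set.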
@@ -658,7 +659,8 @@ int connect(CONNECT_SIG) ---------------------------------- select() ------------------------------------ ------------------------------------------------------------------------------*/ -/* int n, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, struct timeval *timeout */ +/* int n, fd_set *readfds, fd_set *writefds, +fd_set *exceptfds, struct timeval *timeout */ int select(SELECT_SIG) { #ifdef DUMMY diff --git a/netcon/libintercept.so.1.0 b/netcon/libintercept.so.1.0 index 221d24287..d0b5ffda6 100755 Binary files a/netcon/libintercept.so.1.0 and b/netcon/libintercept.so.1.0 differ