From 7a924b6d9cca4f944738b1a0e752f08d3b17935b Mon Sep 17 00:00:00 2001
From: Alan Jowett
Date: Fri, 25 Sep 2020 12:23:35 -0600
Subject: [PATCH] Don't attempt TLS if the client closes the connection with zero data sent. Resolves #357
Signed-off-by: Alan Jowett
---
 src/defs.h | 1 +
 src/worker-vpn.c | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/src/defs.h b/src/defs.h
index 3bb8e1b7..262b2e51 100644
--- a/src/defs.h
+++ b/src/defs.h
@@ -38,6 +38,7 @@
 #define REASON_ERROR 6
 #define REASON_SESSION_TIMEOUT 7
 #define REASON_TEMP_DISCONNECT 8
+#define REASON_HEALTH_PROBE 9
 /* Timeout (secs) for communication between main and sec-mod */
 #define MAIN_SEC_MOD_TIMEOUT 120
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index cd998515..31ce226d 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -103,6 +103,8 @@ static void set_socket_timeout(worker_st * ws, int fd);
 static void link_mtu_set(worker_st * ws, unsigned mtu);
+static int test_for_tcp_health_probe(struct worker_st *ws);
+
 static void handle_alarm(int signo)
 {
 if (global_ws)
@@ -789,6 +791,11 @@ void vpn_server(struct worker_st *ws)
 * as we need to set some cipher priorities for handshake to start. */
 ws->vhost = find_vhost(ws->vconfig, NULL);
+ if (test_for_tcp_health_probe(ws) != 0) {
+ oclog(ws, LOG_DEBUG, "Received TCP health probe from load-balancer");
+ exit_worker_reason(ws, REASON_HEALTH_PROBE);
+ }
+ /* initialize the session */
 ret = gnutls_init(&session, GNUTLS_SERVER);
 GNUTLS_FATAL_ERR(ret);
@@ -2689,3 +2696,16 @@ static int parse_dtls_data(struct worker_st *ws,
 ws->last_msg_udp = now;
 return ret;
 }
+
+static int test_for_tcp_health_probe(struct worker_st *ws)
+{
+ int ret;
+ uint8_t buffer[1];
+ ret = recv(ws->conn_fd, buffer, sizeof(buffer), MSG_PEEK);
+
+ // If we get back an error, assume this was a tcp health probe
+ if (ret > 0)
+ return 0;
+ else
+ return 1;
+}
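Review bot: The debug message added in vpn_server states as fact that the peer was a load balancer, but nothing on this path checks who connected, so any peer that opens the port and closes it without sending data (a port scan, for instance) is logged under the same label. A neutral wording keeps the log usable for incident review: `oclog(ws, LOG_DEBUG, "Connection closed before any data was received (possible TCP health probe)");`. How REASON_HEALTH_PROBE is accounted for after exit_worker_reason is not visible here; if it is exempt from connection-rate or ban scoring, that exemption would cover unauthenticated peers as well and is worth confirming. vpn_server's body starts and ends outside this hunk.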
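Review bot: test_for_tcp_health_probe returns 1 for every recv() result that is not positive, so a failed peek (-1) is reported as a health probe exactly like an orderly close (0), although the commit message describes only the zero-data close. If the peek is interrupted by a signal (this file has a handler, handle_alarm) or fails for another reason, a real client's worker would exit with REASON_HEALTH_PROBE and the actual error would never be logged. I would retry on EINTR, treat only a return of 0 as a probe, and let other errors fall through to the TLS handshake; if probes that reset the connection must also count, that case should be tested explicitly via errno. The existing comment says "error" where the code tests for "no data", so it is reworded below; this assumes errno.h is already included in worker-vpn.c, which the hunk does not show.

```c
static int test_for_tcp_health_probe(struct worker_st *ws)
{
	ssize_t ret;
	uint8_t buffer[1];

	/* Peek without consuming, so the TLS handshake still sees the first
	 * byte. Retry if a signal interrupts the call. */
	do {
		ret = recv(ws->conn_fd, buffer, sizeof(buffer), MSG_PEEK);
	} while (ret < 0 && errno == EINTR);

	/* Only an orderly close with no data counts as a health probe. */
	if (ret == 0)
		return 1;

	/* ret > 0: data is pending. ret < 0: a real error, left for the
	 * handshake to report under its own reason. */
	return 0;
}
```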