tlsgate

TLS reverse proxy
git clone git://git.akobets.xyz/tlsgate

commit 5fa5415a8061fbd07048315ac50843b263e71634
parent f41ee3fbc6714372bcea0df642e48503f68b7666
Author: Artem Kobets <artem@akobets.xyz>
Date:   Sat, 19 Sep 2020 08:13:15 +0300

remove connection limit feature

Diffstat:
Mmain.c | 37++++++++++---------------------------
Mtlsgate.1 | 4----
2 files changed, 10 insertions(+), 31 deletions(-)

diff --git a/main.c b/main.c @@ -20,7 +20,6 @@ static void sigchld(int unused); static void usage(void); char *argv0; -static int conns = 0; void serve(struct tls *ctx, int cfd, const char *server_host, const char *server_port, const char *server_udsfile) @@ -33,23 +32,23 @@ serve(struct tls *ctx, int cfd, const char *server_host, const char *server_port char buf[BUFSIZ], *bufp; ssize_t nread, nwritten; - if (sock_set_nonblock(cfd) == -1) - goto cleanup; - - if (tls_accept_socket(ctx, &cctx, cfd) == -1) { - warn("tls_accept_socket"); - goto cleanup; - } - // connect to server sfd = server_udsfile ? sock_server_uds(server_udsfile) : sock_server_ips(server_host, server_port); if (sfd == -1) goto cleanup; + + if (sock_set_nonblock(cfd) == -1) + goto cleanup; if (sock_set_nonblock(sfd) == -1) goto cleanup; + if (tls_accept_socket(ctx, &cctx, cfd) == -1) { + warn("tls_accept_socket"); + goto cleanup; + } + // client pfds[0].fd = cfd; pfds[0].events = POLLIN | POLLOUT; @@ -184,10 +183,7 @@ cleanup: static void sigchld(int unused) { - // wait for children, remove connection counter when they exit - while (wait(NULL) != -1) { - conns--; - } + while (wait(NULL) != -1); } static void @@ -196,8 +192,7 @@ usage(void) fprintf( stderr, "usage: %s [-v] -c cert -k key [-C ca]\n" - " [-h host] [-p port] [-H host] [-P port] [-U file]\n" - " [-n conn-num]\n", + " [-h host] [-p port] [-H host] [-P port] [-U file]\n", argv0 ); exit(1); @@ -216,7 +211,6 @@ main(int argc, char **argv) char *server_host = NULL; char *server_port = NULL; char *server_udsfile = NULL; - int maxconns = 512; struct tls *ctx; struct tls_config *config; @@ -252,9 +246,6 @@ main(int argc, char **argv) case 'U': server_udsfile = optarg; break; - case 'n': - maxconns = atol(optarg); - break; case 'v': puts(VERSION); exit(0); 
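Review bot: In the reordered setup in serve() (hunk at -33,23), the backend connection via `sock_server_uds`/`sock_server_ips` is now opened before `tls_accept_socket` has created any TLS state for the client, so every accepted TCP connection costs the server a socket even when TLS setup then fails. Together with the removal of the connection cap elsewhere in this commit, nothing on the proxy side bounds how many backend connections unauthenticated clients can cause. I would keep the `tls_accept_socket` block above `// connect to server`, or, if the new order is intentional, add a comment such as `// backend is connected first; cleanup must close sfd when TLS setup fails`. The `cleanup:` label and the handshake are outside this hunk, so whether sfd is released on that path needs to be confirmed there.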
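Review bot: The new body of sigchld() (hunk at -184,10) keeps a blocking `wait(NULL)` loop, so after reaping one child it stays in the signal handler until no children remain, and the accept loop in main() is stalled for that whole time. Because this commit also removes the cap on forked children, one long-lived connection can hold up acceptance of new ones. A non-blocking reap that preserves errno avoids this, since the accept path is noted as being interrupted by SIGCHLD and presumably inspects errno (that check is outside the hunk): `int saved = errno; while (waitpid(-1, NULL, WNOHANG) > 0) ; errno = saved;`. The hunk also deletes the only comment on the handler; a one-line replacement such as `// reap all exited children without blocking` would help.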
@@ -307,7 +298,6 @@ main(int argc, char **argv) while (1) { pid_t pid; int cfd = -1; - printf("conns %i\n", conns); if ((cfd = accept(fd, NULL, NULL)) == -1) { // can be interrupted with SIGCHLD @@ -316,12 +306,6 @@ main(int argc, char **argv) continue; } - // connection limit - if (conns >= maxconns) { - warnx("Connection limit reached (%i)", maxconns); - continue; - } - switch (pid = fork()) { case 0: { serve(ctx, cfd, server_host, server_port, server_udsfile); @@ -332,7 +316,6 @@ main(int argc, char **argv) close(cfd); break; default: - conns++; close(cfd); break; } diff --git a/tlsgate.1 b/tlsgate.1 @@ -5,7 +5,6 @@ tlsgate \- TLS reverse proxy .B tlsgate [-v] -c cert -k key [-C ca] [-h host] [-p port] [-H host] [-P port] [-U file] -[-n conn-num] .SH DESCRIPTION .B tlsgate is a TLS reverse proxy which can be used to expose an unencrypted connection. @@ -38,9 +37,6 @@ Server port number. .TP .B \-U file Server UNIX domain socket path. -.TP -.B \-n conn-num -Maximum number of connections. Default is 512. .SH EXAMPLES Accept connections on port 443 and pass them to a local http server on port 80. .PP