changeset 1052:e40d1b63b6a6 coverity

merge
author Matt Johnston <matt@ucc.asn.au>
date Sat, 28 Feb 2015 23:25:16 +0800
parents b8f4b7027191 (current diff) 359fba4b1a49 (diff)
children 210982935887
files
diffstat 19 files changed, 748 insertions(+), 501 deletions(-) [+]
line wrap: on
line diff
--- a/Makefile.in	Tue Feb 24 22:48:34 2015 +0800
+++ b/Makefile.in	Sat Feb 28 23:25:16 2015 +0800
@@ -40,12 +40,12 @@
 CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
 		cli-session.o cli-runopts.o cli-chansession.o \
 		cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o \
-		cli-agentfwd.o list.o
+		cli-agentfwd.o 
 
 CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
 			common-channel.o common-chansession.o termcodes.o loginrec.o \
 			tcp-accept.o listener.o process-packet.o \
-			common-runopts.o circbuffer.o curve25519-donna.o
+			common-runopts.o circbuffer.o curve25519-donna.o list.o netio.o
 
 KEYOBJS=dropbearkey.o
 
--- a/channel.h	Tue Feb 24 22:48:34 2015 +0800
+++ b/channel.h	Sat Feb 28 23:25:16 2015 +0800
@@ -73,6 +73,7 @@
 	 * to ensure we don't run it twice (nor type->checkclose()). */
 	int close_handler_done;
 
+	struct dropbear_progress_connection *conn_pending;
 	int initconn; /* used for TCP forwarding, whether the channel has been
 					 fully initialised */
 
@@ -100,6 +101,9 @@
 	void (*closehandler)(struct Channel*);
 };
 
+/* Callback for connect_remote */
+void channel_connect_done(int result, int sock, void* user_data, const char* errstring);
+
 void chaninitialise(const struct ChanType *chantypes[]);
 void chancleanup();
 void setchannelfds(fd_set *readfd, fd_set *writefd);
--- a/cli-authpubkey.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/cli-authpubkey.c	Sat Feb 28 23:25:16 2015 +0800
@@ -58,7 +58,7 @@
 	buffer* keybuf = NULL;
 	char* algotype = NULL;
 	unsigned int algolen;
-	int keytype;
+	enum signkey_type keytype;
 	unsigned int remotelen;
 
 	TRACE(("enter recv_msg_userauth_pk_ok"))
--- a/cli-main.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/cli-main.c	Sat Feb 28 23:25:16 2015 +0800
@@ -30,6 +30,7 @@
 #include "session.h"
 #include "dbrandom.h"
 #include "crypto_desc.h"
+#include "netio.h"
 
 static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
 static void cli_dropbear_log(int priority, const char* format, va_list param);
@@ -46,7 +47,7 @@
 #endif
 
 	int sock_in, sock_out;
-	char* error = NULL;
+	struct dropbear_progress_connection *progress = NULL;
 
 	_dropbear_exit = cli_dropbear_exit;
 	_dropbear_log = cli_dropbear_log;
@@ -72,15 +73,11 @@
 	} else
 #endif
 	{
-		int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, &error);
-		sock_in = sock_out = sock;
+		progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, cli_connected, &ses);
+		sock_in = sock_out = -1;
 	}
 
-	if (sock_in < 0) {
-		dropbear_exit("%s", error);
-	}
-
-	cli_session(sock_in, sock_out);
+	cli_session(sock_in, sock_out, progress);
 
 	/* not reached */
 	return -1;
--- a/cli-session.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/cli-session.c	Sat Feb 28 23:25:16 2015 +0800
@@ -37,6 +37,7 @@
 #include "chansession.h"
 #include "agentfwd.h"
 #include "crypto_desc.h"
+#include "netio.h"
 
 static void cli_remoteclosed() ATTRIB_NORETURN;
 static void cli_sessionloop();
@@ -93,15 +94,30 @@
 	NULL /* Null termination */
 };
 
-void cli_session(int sock_in, int sock_out) {
+void cli_connected(int result, int sock, void* userdata, const char *errstring)
+{
+	struct sshsession *myses = userdata;
+	if (result == DROPBEAR_FAILURE) {
+		dropbear_exit("Connect failed: %s", errstring);
+	}
+	myses->sock_in = myses->sock_out = sock;
+	update_channel_prio();
+}
+
+void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) {
 
 	common_session_init(sock_in, sock_out);
 
+	if (progress) {
+		connect_set_writequeue(progress, &ses.writequeue);
+	}
+
 	chaninitialise(cli_chantypes);
 
 	/* Set up cli_ses vars */
 	cli_session_init();
 
+
 	/* Ready to go */
 	sessinitdone = 1;
 
--- a/cli-tcpfwd.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/cli-tcpfwd.c	Sat Feb 28 23:25:16 2015 +0800
@@ -30,6 +30,7 @@
 #include "runopts.h"
 #include "session.h"
 #include "ssh.h"
+#include "netio.h"
 
 #ifdef ENABLE_CLI_REMOTETCPFWD
 static int newtcpforwarded(struct Channel * channel);
@@ -215,7 +216,6 @@
 	m_list_elem * iter = NULL;
 	struct TCPFwdEntry *fwd;
 	char portstring[NI_MAXSERV];
-	int sock;
 	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
 
 	origaddr = buf_getstring(ses.payload, NULL);
@@ -254,19 +254,7 @@
 	}
 	
 	snprintf(portstring, sizeof(portstring), "%d", fwd->connectport);
-	sock = connect_remote(fwd->connectaddr, portstring, NULL);
-	if (sock < 0) {
-		TRACE(("leave newtcpdirect: sock failed"))
-		err = SSH_OPEN_CONNECT_FAILED;
-		goto out;
-	}
-
-	ses.maxfd = MAX(ses.maxfd, sock);
-
-	/* We don't set readfd, that will get set after the connection's
-	 * progress succeeds */
-	channel->writefd = sock;
-	channel->initconn = 1;
+	channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel);
 
 	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
 	
--- a/common-channel.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/common-channel.c	Sat Feb 28 23:25:16 2015 +0800
@@ -35,6 +35,7 @@
 #include "ssh.h"
 #include "listener.h"
 #include "runopts.h"
+#include "netio.h"
 
 static void send_msg_channel_open_failure(unsigned int remotechan, int reason,
 		const unsigned char *text, const unsigned char *lang);
@@ -48,7 +49,6 @@
 static void send_msg_channel_eof(struct Channel *channel);
 static void send_msg_channel_close(struct Channel *channel);
 static void remove_channel(struct Channel *channel);
-static void check_in_progress(struct Channel *channel);
 static unsigned int write_pending(struct Channel * channel);
 static void check_close(struct Channel *channel);
 static void close_chan_fd(struct Channel *channel, int fd, int how);
@@ -163,7 +163,6 @@
 	newchan->writefd = FD_UNINIT;
 	newchan->readfd = FD_UNINIT;
 	newchan->errfd = FD_CLOSED; /* this isn't always set to start with */
-	newchan->initconn = 0;
 	newchan->await_open = 0;
 	newchan->flushing = 0;
 
@@ -242,12 +241,6 @@
 
 		/* write to program/pipe stdin */
 		if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) {
-			if (channel->initconn) {
-				/* XXX should this go somewhere cleaner? */
-				check_in_progress(channel);
-				continue; /* Important not to use the channel after
-							 check_in_progress(), as it may be NULL */
-			}
 			writechannel(channel, channel->writefd, channel->writebuf);
 			do_check_close = 1;
 		}
@@ -374,27 +367,27 @@
  * if so, set up the channel properly. Otherwise, the channel is cleaned up, so
  * it is important that the channel reference isn't used after a call to this
  * function */
-static void check_in_progress(struct Channel *channel) {
+void channel_connect_done(int result, int sock, void* user_data, const char* UNUSED(errstring)) {
 
-	int val;
-	socklen_t vallen = sizeof(val);
-
-	TRACE(("enter check_in_progress"))
+	struct Channel *channel = user_data;
 
-	if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen)
-			|| val != 0) {
-		send_msg_channel_open_failure(channel->remotechan,
-				SSH_OPEN_CONNECT_FAILED, "", "");
-		close(channel->writefd);
-		remove_channel(channel);
-		TRACE(("leave check_in_progress: fail"))
-	} else {
+	TRACE(("enter channel_connect_done"))
+
+	if (result == DROPBEAR_SUCCESS)
+	{
+		channel->readfd = channel->writefd = sock;
+		channel->conn_pending = NULL;
 		chan_initwritebuf(channel);
 		send_msg_channel_open_confirmation(channel, channel->recvwindow,
 				channel->recvmaxpacket);
-		channel->readfd = channel->writefd;
-		channel->initconn = 0;
-		TRACE(("leave check_in_progress: success"))
+		TRACE(("leave channel_connect_done: success"))
+	}
+	else
+	{
+		send_msg_channel_open_failure(channel->remotechan,
+				SSH_OPEN_CONNECT_FAILED, "", "");
+		remove_channel(channel);
+		TRACE(("leave check_in_progress: fail"))
 	}
 }
 
@@ -514,8 +507,7 @@
 		}
 
 		/* Stuff from the wire */
-		if (channel->initconn
-			||(channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0)) {
+		if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) {
 				FD_SET(channel->writefd, writefds);
 		}
 
@@ -599,6 +591,10 @@
 		channel->close_handler_done = 1;
 	}
 
+	if (channel->conn_pending) {
+		cancel_connect(channel->conn_pending);
+	}
+
 	ses.channels[channel->index] = NULL;
 	m_free(channel);
 	ses.chancount--;
@@ -1149,7 +1145,7 @@
 		struct Channel *chan = ses.channels[i];
 		if (chan
 				&& !(chan->sent_eof || chan->recv_eof)
-				&& !(chan->await_open || chan->initconn)) {
+				&& !(chan->await_open)) {
 			return chan;
 		}
 	}
--- a/common-session.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/common-session.c	Sat Feb 28 23:25:16 2015 +0800
@@ -34,6 +34,7 @@
 #include "kex.h"
 #include "channel.h"
 #include "runopts.h"
+#include "netio.h"
 
 static void checktimeouts();
 static long select_timeout();
@@ -167,6 +168,9 @@
 		/* set up for channels which can be read/written */
 		setchannelfds(&readfd, &writefd);
 
+		/* Pending connections to test */
+		set_connect_fds(&writefd);
+
 		val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout);
 
 		if (exitflag) {
@@ -214,11 +218,13 @@
 				process_packet();
 			}
 		}
-		
+
 		/* if required, flush out any queued reply packets that
 		were being held up during a KEX */
 		maybe_flush_reply_queue();
 
+		handle_connect_fds(&writefd);
+
 		/* process pipes etc for the channels, ses.dataallowed == 0
 		 * during rekeying ) */
 		channelio(&readfd, &writefd);
@@ -275,6 +281,8 @@
 	other session state is freed. */
 	remove_all_listeners();
 
+	remove_connect_pending();
+
 	while (!isempty(&ses.writequeue)) {
 		buf_free(dequeue(&ses.writequeue));
 	}
@@ -577,6 +585,11 @@
 
 	TRACE(("update_channel_prio"))
 
+	if (ses.sock_out < 0) {
+		TRACE(("leave update_channel_prio: no socket"))
+		return;
+	}
+
 	new_prio = DROPBEAR_PRIO_BULK;
 	for (i = 0; i < ses.chansize; i++) {
 		struct Channel *channel = ses.channels[i];
--- a/dbutil.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/dbutil.c	Sat Feb 28 23:25:16 2015 +0800
@@ -213,183 +213,6 @@
 }
 #endif /* DEBUG_TRACE */
 
-void set_sock_nodelay(int sock) {
-	int val;
-
-	/* disable nagle */
-	val = 1;
-	setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
-}
-
-void set_sock_priority(int sock, enum dropbear_prio prio) {
-
-	int iptos_val = 0, so_prio_val = 0, rc;
-
-	/* Don't log ENOTSOCK errors so that this can harmlessly be called
-	 * on a client '-J' proxy pipe */
-
-	/* set the TOS bit for either ipv4 or ipv6 */
-#ifdef IPTOS_LOWDELAY
-	if (prio == DROPBEAR_PRIO_LOWDELAY) {
-		iptos_val = IPTOS_LOWDELAY;
-	} else if (prio == DROPBEAR_PRIO_BULK) {
-		iptos_val = IPTOS_THROUGHPUT;
-	}
-#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
-	rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val));
-	if (rc < 0 && errno != ENOTSOCK) {
-		TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
-	}
-#endif
-	rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val));
-	if (rc < 0 && errno != ENOTSOCK) {
-		TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
-	}
-#endif
-
-#ifdef SO_PRIORITY
-	if (prio == DROPBEAR_PRIO_LOWDELAY) {
-		so_prio_val = TC_PRIO_INTERACTIVE;
-	} else if (prio == DROPBEAR_PRIO_BULK) {
-		so_prio_val = TC_PRIO_BULK;
-	}
-	/* linux specific, sets QoS class. see tc-prio(8) */
-	rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val));
-	if (rc < 0 && errno != ENOTSOCK)
-		dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)",
-				strerror(errno));
-#endif
-
-}
-
-/* Listen on address:port. 
- * Special cases are address of "" listening on everything,
- * and address of NULL listening on localhost only.
- * Returns the number of sockets bound on success, or -1 on failure. On
- * failure, if errstring wasn't NULL, it'll be a newly malloced error
- * string.*/
-int dropbear_listen(const char* address, const char* port,
-		int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
-
-	struct addrinfo hints, *res = NULL, *res0 = NULL;
-	int err;
-	unsigned int nsock;
-	struct linger linger;
-	int val;
-	int sock;
-
-	TRACE(("enter dropbear_listen"))
-	
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
-	hints.ai_socktype = SOCK_STREAM;
-
-	/* for calling getaddrinfo:
-	 address == NULL and !AI_PASSIVE: local loopback
-	 address == NULL and AI_PASSIVE: all interfaces
-	 address != NULL: whatever the address says */
-	if (!address) {
-		TRACE(("dropbear_listen: local loopback"))
-	} else {
-		if (address[0] == '\0') {
-			TRACE(("dropbear_listen: all interfaces"))
-			address = NULL;
-		}
-		hints.ai_flags = AI_PASSIVE;
-	}
-	err = getaddrinfo(address, port, &hints, &res0);
-
-	if (err) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(gai_strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
-		}
-		if (res0) {
-			freeaddrinfo(res0);
-			res0 = NULL;
-		}
-		TRACE(("leave dropbear_listen: failed resolving"))
-		return -1;
-	}
-
-
-	nsock = 0;
-	for (res = res0; res != NULL && nsock < sockcount;
-			res = res->ai_next) {
-
-		/* Get a socket */
-		socks[nsock] = socket(res->ai_family, res->ai_socktype,
-				res->ai_protocol);
-
-		sock = socks[nsock]; /* For clarity */
-
-		if (sock < 0) {
-			err = errno;
-			TRACE(("socket() failed"))
-			continue;
-		}
-
-		/* Various useful socket options */
-		val = 1;
-		/* set to reuse, quick timeout */
-		setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
-		linger.l_onoff = 1;
-		linger.l_linger = 5;
-		setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
-
-#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
-		if (res->ai_family == AF_INET6) {
-			int on = 1;
-			if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, 
-						&on, sizeof(on)) == -1) {
-				dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY");
-			}
-		}
-#endif
-
-		set_sock_nodelay(sock);
-
-		if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
-			err = errno;
-			close(sock);
-			TRACE(("bind(%s) failed", port))
-			continue;
-		}
-
-		if (listen(sock, DROPBEAR_LISTEN_BACKLOG) < 0) {
-			err = errno;
-			close(sock);
-			TRACE(("listen() failed"))
-			continue;
-		}
-
-		*maxfd = MAX(*maxfd, sock);
-
-		nsock++;
-	}
-
-	if (res0) {
-		freeaddrinfo(res0);
-		res0 = NULL;
-	}
-
-	if (nsock == 0) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error listening: %s", strerror(err));
-		}
-		TRACE(("leave dropbear_listen: failure, %s", strerror(err)))
-		return -1;
-	}
-
-	TRACE(("leave dropbear_listen: success, %d socks bound", nsock))
-	return nsock;
-}
-
 /* Connect to a given unix socket. The socket is blocking */
 #ifdef ENABLE_CONNECT_UNIX
 int connect_unix(const char* path) {
@@ -413,111 +236,6 @@
 }
 #endif
 
-#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
-static void set_piggyback_ack(int sock) {
-	/* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked
-	on the 3rd packet (ack) of the TCP handshake. Saves a IP packet.
-	http://thread.gmane.org/gmane.linux.network/224627/focus=224727
-	"Piggyback the final ACK of the three way TCP connection establishment with the data" */
-	int val = 1;
-	/* No error checking, this is opportunistic */
-	int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val));
-	if (err)
-	{
-		TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno)))
-	}
-}
-#endif
-
-
-/* Connect via TCP to a host. Connection will try ipv4 or ipv6, will
- * return immediately if nonblocking is set. On failure, if errstring
- * wasn't null, it will be a newly malloced error message */
-
-/* TODO: maxfd */
-int connect_remote(const char* remotehost, const char* remoteport, char ** errstring) {
-
-	struct addrinfo *res0 = NULL, *res = NULL, hints;
-	int sock;
-	int err;
-
-	TRACE(("enter connect_remote"))
-
-	if (errstring != NULL) {
-		*errstring = NULL;
-	}
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-
-	err = getaddrinfo(remotehost, remoteport, &hints, &res0);
-	if (err) {
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 100 + strlen(gai_strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error resolving '%s' port '%s'. %s", 
-					remotehost, remoteport, gai_strerror(err));
-		}
-		TRACE(("Error resolving: %s", gai_strerror(err)))
-		return -1;
-	}
-
-	sock = -1;
-	err = EADDRNOTAVAIL;
-	for (res = res0; res; res = res->ai_next) {
-
-		sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-		if (sock < 0) {
-			err = errno;
-			continue;
-		}
-
-		setnonblocking(sock);
-
-#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
-		set_piggyback_ack(sock);
-#endif
-
-		if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) {
-			if (errno == EINPROGRESS) {
-				TRACE(("Connect in progress"))
-				break;
-			} else {
-				err = errno;
-				close(sock);
-				sock = -1;
-				continue;
-			}
-		}
-
-		break; /* Success */
-	}
-
-	if (sock < 0 && !(errno == EINPROGRESS)) {
-		/* Failed */
-		if (errstring != NULL && *errstring == NULL) {
-			int len;
-			len = 20 + strlen(strerror(err));
-			*errstring = (char*)m_malloc(len);
-			snprintf(*errstring, len, "Error connecting: %s", strerror(err));
-		}
-		TRACE(("Error connecting: %s", strerror(err)))
-	} else {
-		/* Success */
-		set_sock_nodelay(sock);
-	}
-
-	freeaddrinfo(res0);
-	if (sock > 0 && errstring != NULL && *errstring != NULL) {
-		m_free(*errstring);
-	}
-
-	TRACE(("leave connect_remote: sock %d\n", sock))
-	return sock;
-}
-
 /* Sets up a pipe for a, returning three non-blocking file descriptors
  * and the pid. exec_fn is the function that will actually execute the child process,
  * it will be run after the child has fork()ed, and is passed exec_data.
@@ -653,88 +371,6 @@
 	execv(usershell, argv);
 }
 
-void get_socket_address(int fd, char **local_host, char **local_port,
-						char **remote_host, char **remote_port, int host_lookup)
-{
-	struct sockaddr_storage addr;
-	socklen_t addrlen;
-	
-	if (local_host || local_port) {
-		addrlen = sizeof(addr);
-		if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			dropbear_exit("Failed socket address: %s", strerror(errno));
-		}
-		getaddrstring(&addr, local_host, local_port, host_lookup);		
-	}
-	if (remote_host || remote_port) {
-		addrlen = sizeof(addr);
-		if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			dropbear_exit("Failed socket address: %s", strerror(errno));
-		}
-		getaddrstring(&addr, remote_host, remote_port, host_lookup);		
-	}
-}
-
-/* Return a string representation of the socket address passed. The return
- * value is allocated with malloc() */
-void getaddrstring(struct sockaddr_storage* addr, 
-			char **ret_host, char **ret_port,
-			int host_lookup) {
-
-	char host[NI_MAXHOST+1], serv[NI_MAXSERV+1];
-	unsigned int len;
-	int ret;
-	
-	int flags = NI_NUMERICSERV | NI_NUMERICHOST;
-
-#ifndef DO_HOST_LOOKUP
-	host_lookup = 0;
-#endif
-	
-	if (host_lookup) {
-		flags = NI_NUMERICSERV;
-	}
-
-	len = sizeof(struct sockaddr_storage);
-	/* Some platforms such as Solaris 8 require that len is the length
-	 * of the specific structure. Some older linux systems (glibc 2.1.3
-	 * such as debian potato) have sockaddr_storage.__ss_family instead
-	 * but we'll ignore them */
-#ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY
-	if (addr->ss_family == AF_INET) {
-		len = sizeof(struct sockaddr_in);
-	}
-#ifdef AF_INET6
-	if (addr->ss_family == AF_INET6) {
-		len = sizeof(struct sockaddr_in6);
-	}
-#endif
-#endif
-
-	ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1, 
-			serv, sizeof(serv)-1, flags);
-
-	if (ret != 0) {
-		if (host_lookup) {
-			/* On some systems (Darwin does it) we get EINTR from getnameinfo
-			 * somehow. Eew. So we'll just return the IP, since that doesn't seem
-			 * to exhibit that behaviour. */
-			getaddrstring(addr, ret_host, ret_port, 0);
-			return;
-		} else {
-			/* if we can't do a numeric lookup, something's gone terribly wrong */
-			dropbear_exit("Failed lookup: %s", gai_strerror(ret));
-		}
-	}
-
-	if (ret_host) {
-		*ret_host = m_strdup(host);
-	}
-	if (ret_port) {
-		*ret_port = m_strdup(serv);
-	}
-}
-
 #ifdef DEBUG_TRACE
 void printhex(const char * label, const unsigned char * buf, int len) {
 
@@ -1059,3 +695,4 @@
 	return time(NULL);
 }
 
+
--- a/dbutil.h	Tue Feb 24 22:48:34 2015 +0800
+++ b/dbutil.h	Sat Feb 28 23:25:16 2015 +0800
@@ -28,6 +28,7 @@
 
 #include "includes.h"
 #include "buffer.h"
+#include "queue.h"
 
 #ifndef DISABLE_SYSLOG
 void startsyslog();
@@ -62,28 +63,14 @@
 extern int debug_trace;
 #endif
 
-enum dropbear_prio {
-	DROPBEAR_PRIO_DEFAULT = 10,
-	DROPBEAR_PRIO_LOWDELAY = 11,
-	DROPBEAR_PRIO_BULK = 12,
-};
+char * stripcontrol(const char * text);
 
-char * stripcontrol(const char * text);
-void get_socket_address(int fd, char **local_host, char **local_port,
-		char **remote_host, char **remote_port, int host_lookup);
-void getaddrstring(struct sockaddr_storage* addr, 
-		char **ret_host, char **ret_port, int host_lookup);
-void set_sock_nodelay(int sock);
-void set_sock_priority(int sock, enum dropbear_prio prio);
-int dropbear_listen(const char* address, const char* port,
-		int *socks, unsigned int sockcount, char **errstring, int *maxfd);
 int spawn_command(void(*exec_fn)(void *user_data), void *exec_data,
 		int *writefd, int *readfd, int *errfd, pid_t *pid);
 void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell);
 #ifdef ENABLE_CONNECT_UNIX
 int connect_unix(const char* addr);
 #endif
-int connect_remote(const char* remotehost, const char* remoteport, char ** errstring);
 int buf_readfile(buffer* buf, const char* filename);
 int buf_getline(buffer * line, FILE * authfile);
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/netio.c	Sat Feb 28 23:25:16 2015 +0800
@@ -0,0 +1,579 @@
+#include "netio.h"
+#include "list.h"
+#include "dbutil.h"
+#include "session.h"
+#include "debug.h"
+
+struct dropbear_progress_connection {
+	struct addrinfo *res;
+	struct addrinfo *res_iter;
+
+	char *remotehost, *remoteport; /* For error reporting */
+
+	connect_callback cb;
+	void *cb_data;
+
+	struct Queue *writequeue; /* A queue of encrypted packets to send with TCP fastopen,
+								or NULL. */
+
+	int sock;
+
+	char* errstring;
+};
+
+#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
+static void set_piggyback_ack(int sock) {
+	/* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked
+	on the 3rd packet (ack) of the TCP handshake. Saves a IP packet.
+	http://thread.gmane.org/gmane.linux.network/224627/focus=224727
+	"Piggyback the final ACK of the three way TCP connection establishment with the data" */
+	int val = 1;
+	/* No error checking, this is opportunistic */
+	int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val));
+	if (err)
+	{
+		TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno)))
+	}
+}
+#endif
+
+
+/* Deallocate a progress connection. Removes from the pending list if iter!=NULL.
+Does not close sockets */
+static void remove_connect(struct dropbear_progress_connection *c, m_list_elem *iter) {
+	if (c->res) {
+		freeaddrinfo(c->res);
+	}
+	m_free(c->remotehost);
+	m_free(c->remoteport);
+	m_free(c->errstring);
+	m_free(c);
+
+	if (iter) {
+		list_remove(iter);
+	}
+}
+
+static void cancel_callback(int result, int sock, void* UNUSED(data), const char* UNUSED(errstring)) {
+	if (result == DROPBEAR_SUCCESS)
+	{
+		m_close(sock);
+	}
+}
+
+void cancel_connect(struct dropbear_progress_connection *c) {
+	c->cb = cancel_callback;
+	c->cb_data = NULL;
+}
+
+static void connect_try_next(struct dropbear_progress_connection *c) {
+	struct addrinfo *r;
+	int res = 0;
+	int fastopen = 0;
+#ifdef DROPBEAR_TCP_FAST_OPEN
+	struct msghdr message;
+#endif
+
+	for (r = c->res_iter; r; r = r->ai_next)
+	{
+		assert(c->sock == -1);
+
+		c->sock = socket(c->res_iter->ai_family, c->res_iter->ai_socktype, c->res_iter->ai_protocol);
+		if (c->sock < 0) {
+			continue;
+		}
+
+		ses.maxfd = MAX(ses.maxfd, c->sock);
+		set_sock_nodelay(c->sock);
+		setnonblocking(c->sock);
+
+#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
+		set_piggyback_ack(c->sock);
+#endif
+
+#ifdef DROPBEAR_TCP_FAST_OPEN
+		fastopen = (c->writequeue != NULL);
+
+		memset(&message, 0x0, sizeof(message));
+		message.msg_name = r->ai_addr;
+		message.msg_namelen = r->ai_addrlen;
+
+		if (c->writequeue) {
+			int iovlen; /* Linux msg_iovlen is a size_t */
+			message.msg_iov = packet_queue_to_iovec(c->writequeue, &iovlen);
+			message.msg_iovlen = iovlen;
+			res = sendmsg(c->sock, &message, MSG_FASTOPEN);
+			if (res < 0 && errno != EINPROGRESS) {
+				/* Not entirely sure which kind of errors are normal - 2.6.32 seems to 
+				return EPIPE for any (nonblocking?) sendmsg(). just fall back */
+				TRACE(("sendmsg tcp_fastopen failed, falling back. %s", strerror(errno)));
+				/* No kernel MSG_FASTOPEN support. Fall back below */
+				fastopen = 0;
+				/* Set to NULL to avoid trying again */
+				c->writequeue = NULL;
+			}
+			m_free(message.msg_iov);
+			packet_queue_consume(c->writequeue, res);
+		}
+#endif
+
+		/* Normal connect(), used as fallback for TCP fastopen too */
+		if (!fastopen) {
+			res = connect(c->sock, r->ai_addr, r->ai_addrlen);
+		}
+
+		if (res < 0 && errno != EINPROGRESS) {
+			/* failure */
+			close(c->sock);
+			c->sock = -1;
+			continue;
+		} else {
+			/* new connection was successful, wait for it to complete */
+			break;
+		}
+	}
+
+	if (r) {
+		c->res_iter = r->ai_next;
+	} else {
+		c->res_iter = NULL;
+	}
+}
+
+/* Connect via TCP to a host. */
+struct dropbear_progress_connection *connect_remote(const char* remotehost, const char* remoteport,
+	connect_callback cb, void* cb_data)
+{
+	struct dropbear_progress_connection *c = NULL;
+	int err;
+	struct addrinfo hints;
+
+	c = m_malloc(sizeof(*c));
+	c->remotehost = m_strdup(remotehost);
+	c->remoteport = m_strdup(remoteport);
+	c->sock = -1;
+	c->cb = cb;
+	c->cb_data = cb_data;
+
+	list_append(&ses.conn_pending, c);
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_family = PF_UNSPEC;
+
+	err = getaddrinfo(remotehost, remoteport, &hints, &c->res);
+	if (err) {
+		int len;
+		len = 100 + strlen(gai_strerror(err));
+		c->errstring = (char*)m_malloc(len);
+		snprintf(c->errstring, len, "Error resolving '%s' port '%s'. %s", 
+				remotehost, remoteport, gai_strerror(err));
+		TRACE(("Error resolving: %s", gai_strerror(err)))
+		return NULL;
+	}
+
+	c->res_iter = c->res;
+
+	return c;
+}
+
+void remove_connect_pending() {
+	while (ses.conn_pending.first) {
+		struct dropbear_progress_connection *c = ses.conn_pending.first->item;
+		remove_connect(c, ses.conn_pending.first);
+	}
+}
+
+
+void set_connect_fds(fd_set *writefd) {
+	m_list_elem *iter;
+	TRACE(("enter handle_connect_fds"))
+	for (iter = ses.conn_pending.first; iter; iter = iter->next) {
+		struct dropbear_progress_connection *c = iter->item;
+		/* Set one going */
+		while (c->res_iter && c->sock < 0)
+		{
+			connect_try_next(c);
+		}
+		if (c->sock >= 0) {
+			FD_SET(c->sock, writefd);
+		} else {
+			m_list_elem *remove_iter;
+			/* Final failure */
+			if (!c->errstring) {
+				c->errstring = m_strdup("unexpected failure");
+			}
+			c->cb(DROPBEAR_FAILURE, -1, c->cb_data, c->errstring);
+			/* Safely remove without invalidating iter */
+			remove_iter = iter;
+			iter = iter->prev;
+			remove_connect(c, remove_iter);
+		}
+	}
+}
+
+void handle_connect_fds(fd_set *writefd) {
+	m_list_elem *iter;
+	TRACE(("enter handle_connect_fds"))
+	for (iter = ses.conn_pending.first; iter; iter = iter->next) {
+		int val;
+		socklen_t vallen = sizeof(val);
+		struct dropbear_progress_connection *c = iter->item;
+
+		if (!FD_ISSET(c->sock, writefd)) {
+			continue;
+		}
+
+		TRACE(("handling %s port %s socket %d", c->remotehost, c->remoteport, c->sock));
+
+		if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &val, &vallen) != 0) {
+			TRACE(("handle_connect_fds getsockopt(%d) SO_ERROR failed: %s", c->sock, strerror(errno)))
+			/* This isn't expected to happen - Unix has surprises though, continue gracefully. */
+			m_close(c->sock);
+			c->sock = -1;
+		} else if (val != 0) {
+			/* Connect failed */
+			TRACE(("connect to %s port %s failed.", c->remotehost, c->remoteport))
+			m_close(c->sock);
+			c->sock = -1;
+
+			m_free(c->errstring);
+			c->errstring = strerror(val);
+		} else {
+			/* New connection has been established */
+			c->cb(DROPBEAR_SUCCESS, c->sock, c->cb_data, NULL);
+			remove_connect(c, iter);
+			TRACE(("leave handle_connect_fds - success"))
+			/* Must return here - remove_connect() invalidates iter */
+			return; 
+		}
+	}
+	TRACE(("leave handle_connect_fds - end iter"))
+}
+
+void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue *writequeue) {
+	c->writequeue = writequeue;
+}
+
+struct iovec * packet_queue_to_iovec(struct Queue *queue, int *ret_iov_count) {
+	struct iovec *iov = NULL;
+	struct Link *l;
+	unsigned int i;
+	int len;
+	buffer *writebuf;
+
+	#ifndef IOV_MAX
+	#define IOV_MAX UIO_MAXIOV
+	#endif
+
+	*ret_iov_count = MIN(queue->count, IOV_MAX);
+
+	iov = m_malloc(sizeof(*iov) * *ret_iov_count);
+	for (l = queue->head, i = 0; l; l = l->link, i++)
+	{
+		writebuf = (buffer*)l->item;
+		len = writebuf->len - 1 - writebuf->pos;
+		dropbear_assert(len > 0);
+		TRACE2(("write_packet writev #%d  type %d len %d/%d", i, writebuf->data[writebuf->len-1],
+				len, writebuf->len-1))
+		iov[i].iov_base = buf_getptr(writebuf, len);
+		iov[i].iov_len = len;
+	}
+
+	return iov;
+}
+
+void packet_queue_consume(struct Queue *queue, ssize_t written) {
+	buffer *writebuf;
+	int len;
+	while (written > 0) {
+		writebuf = (buffer*)examine(queue);
+		len = writebuf->len - 1 - writebuf->pos;
+		if (len > written) {
+			/* partial buffer write */
+			buf_incrpos(writebuf, written);
+			written = 0;
+		} else {
+			written -= len;
+			dequeue(queue);
+			buf_free(writebuf);
+		}
+	}
+}
+
+void set_sock_nodelay(int sock) {
+	int val;
+
+	/* disable nagle */
+	val = 1;
+	setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
+}
+
+#ifdef DROPBEAR_TCP_FAST_OPEN
+void set_listen_fast_open(int sock) {
+	int qlen = MAX(MAX_UNAUTH_PER_IP, 5);
+	if (setsockopt(sock, SOL_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)) != 0) {
+		TRACE(("set_listen_fast_open failed for socket %d: %s", sock, strerror(errno)))
+	}
+}
+
+#endif
+
+void set_sock_priority(int sock, enum dropbear_prio prio) {
+
+	int rc;
+#ifdef IPTOS_LOWDELAY
+	int iptos_val = 0;
+#endif
+#ifdef SO_PRIORITY
+	int so_prio_val = 0;
+#endif
+
+
+	/* Don't log ENOTSOCK errors so that this can harmlessly be called
+	 * on a client '-J' proxy pipe */
+
+	/* set the TOS bit for either ipv4 or ipv6 */
+#ifdef IPTOS_LOWDELAY
+	if (prio == DROPBEAR_PRIO_LOWDELAY) {
+		iptos_val = IPTOS_LOWDELAY;
+	} else if (prio == DROPBEAR_PRIO_BULK) {
+		iptos_val = IPTOS_THROUGHPUT;
+	}
+#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
+	rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val));
+	if (rc < 0 && errno != ENOTSOCK) {
+		TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
+	}
+#endif
+	rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val));
+	if (rc < 0 && errno != ENOTSOCK) {
+		TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
+	}
+#endif
+
+#ifdef SO_PRIORITY
+	if (prio == DROPBEAR_PRIO_LOWDELAY) {
+		so_prio_val = TC_PRIO_INTERACTIVE;
+	} else if (prio == DROPBEAR_PRIO_BULK) {
+		so_prio_val = TC_PRIO_BULK;
+	}
+	/* linux specific, sets QoS class. see tc-prio(8) */
+	rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val));
+	if (rc < 0 && errno != ENOTSOCK)
+		dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)",
+				strerror(errno));
+#endif
+
+}
+
+/* Listen on address:port. 
+ * Special cases are address of "" listening on everything,
+ * and address of NULL listening on localhost only.
+ * Returns the number of sockets bound on success, or -1 on failure. On
+ * failure, if errstring wasn't NULL, it'll be a newly malloced error
+ * string.*/
+int dropbear_listen(const char* address, const char* port,
+		int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
+
+	struct addrinfo hints, *res = NULL, *res0 = NULL;
+	int err;
+	unsigned int nsock;
+	struct linger linger;
+	int val;
+	int sock;
+
+	TRACE(("enter dropbear_listen"))
+	
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
+	hints.ai_socktype = SOCK_STREAM;
+
+	/* for calling getaddrinfo:
+	 address == NULL and !AI_PASSIVE: local loopback
+	 address == NULL and AI_PASSIVE: all interfaces
+	 address != NULL: whatever the address says */
+	if (!address) {
+		TRACE(("dropbear_listen: local loopback"))
+	} else {
+		if (address[0] == '\0') {
+			TRACE(("dropbear_listen: all interfaces"))
+			address = NULL;
+		}
+		hints.ai_flags = AI_PASSIVE;
+	}
+	err = getaddrinfo(address, port, &hints, &res0);
+
+	if (err) {
+		if (errstring != NULL && *errstring == NULL) {
+			int len;
+			len = 20 + strlen(gai_strerror(err));
+			*errstring = (char*)m_malloc(len);
+			snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
+		}
+		if (res0) {
+			freeaddrinfo(res0);
+			res0 = NULL;
+		}
+		TRACE(("leave dropbear_listen: failed resolving"))
+		return -1;
+	}
+
+
+	nsock = 0;
+	for (res = res0; res != NULL && nsock < sockcount;
+			res = res->ai_next) {
+
+		/* Get a socket */
+		socks[nsock] = socket(res->ai_family, res->ai_socktype,
+				res->ai_protocol);
+
+		sock = socks[nsock]; /* For clarity */
+
+		if (sock < 0) {
+			err = errno;
+			TRACE(("socket() failed"))
+			continue;
+		}
+
+		/* Various useful socket options */
+		val = 1;
+		/* set to reuse, quick timeout */
+		setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
+		linger.l_onoff = 1;
+		linger.l_linger = 5;
+		setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
+
+#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
+		if (res->ai_family == AF_INET6) {
+			int on = 1;
+			if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, 
+						&on, sizeof(on)) == -1) {
+				dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY");
+			}
+		}
+#endif
+
+		set_sock_nodelay(sock);
+
+		if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+			err = errno;
+			close(sock);
+			TRACE(("bind(%s) failed", port))
+			continue;
+		}
+
+		if (listen(sock, DROPBEAR_LISTEN_BACKLOG) < 0) {
+			err = errno;
+			close(sock);
+			TRACE(("listen() failed"))
+			continue;
+		}
+
+		*maxfd = MAX(*maxfd, sock);
+
+		nsock++;
+	}
+
+	if (res0) {
+		freeaddrinfo(res0);
+		res0 = NULL;
+	}
+
+	if (nsock == 0) {
+		if (errstring != NULL && *errstring == NULL) {
+			int len;
+			len = 20 + strlen(strerror(err));
+			*errstring = (char*)m_malloc(len);
+			snprintf(*errstring, len, "Error listening: %s", strerror(err));
+		}
+		TRACE(("leave dropbear_listen: failure, %s", strerror(err)))
+		return -1;
+	}
+
+	TRACE(("leave dropbear_listen: success, %d socks bound", nsock))
+	return nsock;
+}
+
+void get_socket_address(int fd, char **local_host, char **local_port,
+						char **remote_host, char **remote_port, int host_lookup)
+{
+	struct sockaddr_storage addr;
+	socklen_t addrlen;
+	
+	if (local_host || local_port) {
+		addrlen = sizeof(addr);
+		if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
+			dropbear_exit("Failed socket address: %s", strerror(errno));
+		}
+		getaddrstring(&addr, local_host, local_port, host_lookup);		
+	}
+	if (remote_host || remote_port) {
+		addrlen = sizeof(addr);
+		if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
+			dropbear_exit("Failed socket address: %s", strerror(errno));
+		}
+		getaddrstring(&addr, remote_host, remote_port, host_lookup);		
+	}
+}
+
+/* Return a string representation of the socket address passed. The return
+ * value is allocated with malloc() */
+void getaddrstring(struct sockaddr_storage* addr, 
+			char **ret_host, char **ret_port,
+			int host_lookup) {
+
+	char host[NI_MAXHOST+1], serv[NI_MAXSERV+1];
+	unsigned int len;
+	int ret;
+	
+	int flags = NI_NUMERICSERV | NI_NUMERICHOST;
+
+#ifndef DO_HOST_LOOKUP
+	host_lookup = 0;
+#endif
+	
+	if (host_lookup) {
+		flags = NI_NUMERICSERV;
+	}
+
+	len = sizeof(struct sockaddr_storage);
+	/* Some platforms such as Solaris 8 require that len is the length
+	 * of the specific structure. Some older linux systems (glibc 2.1.3
+	 * such as debian potato) have sockaddr_storage.__ss_family instead
+	 * but we'll ignore them */
+#ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY
+	if (addr->ss_family == AF_INET) {
+		len = sizeof(struct sockaddr_in);
+	}
+#ifdef AF_INET6
+	if (addr->ss_family == AF_INET6) {
+		len = sizeof(struct sockaddr_in6);
+	}
+#endif
+#endif
+
+	ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1, 
+			serv, sizeof(serv)-1, flags);
+
+	if (ret != 0) {
+		if (host_lookup) {
+			/* On some systems (Darwin does it) we get EINTR from getnameinfo
+			 * somehow. Eew. So we'll just return the IP, since that doesn't seem
+			 * to exhibit that behaviour. */
+			getaddrstring(addr, ret_host, ret_port, 0);
+			return;
+		} else {
+			/* if we can't do a numeric lookup, something's gone terribly wrong */
+			dropbear_exit("Failed lookup: %s", gai_strerror(ret));
+		}
+	}
+
+	if (ret_host) {
+		*ret_host = m_strdup(host);
+	}
+	if (ret_port) {
+		*ret_port = m_strdup(serv);
+	}
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/netio.h	Sat Feb 28 23:25:16 2015 +0800
@@ -0,0 +1,62 @@
+#ifndef DROPBEAR_NETIO_H
+#define DROPBEAR_NETIO_H
+
+#include "includes.h"
+#include "buffer.h"
+#include "queue.h"
+
+enum dropbear_prio {
+	DROPBEAR_PRIO_DEFAULT = 10,
+	DROPBEAR_PRIO_LOWDELAY = 11,
+	DROPBEAR_PRIO_BULK = 12,
+};
+
+void set_sock_nodelay(int sock);
+void set_sock_priority(int sock, enum dropbear_prio prio);
+
+void get_socket_address(int fd, char **local_host, char **local_port,
+		char **remote_host, char **remote_port, int host_lookup);
+void getaddrstring(struct sockaddr_storage* addr, 
+		char **ret_host, char **ret_port, int host_lookup);
+int dropbear_listen(const char* address, const char* port,
+		int *socks, unsigned int sockcount, char **errstring, int *maxfd);
+
+struct dropbear_progress_connection;
+
+/* result is DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
+errstring is only set on DROPBEAR_FAILURE, returns failure message for the last attempted socket */
+typedef void(*connect_callback)(int result, int sock, void* data, const char* errstring);
+
+struct dropbear_progress_connection * connect_remote (const char* remotehost, const char* remoteport,
+	connect_callback cb, void *cb_data);
+
+/* Sets up for select() */
+void set_connect_fds(fd_set *writefd);
+/* Handles ready sockets after select() */
+void handle_connect_fds(fd_set *writefd);
+/* Cleanup */
+void remove_connect_pending();
+
+/* Doesn't actually stop the connect, but adds a dummy callback instead */
+void cancel_connect(struct dropbear_progress_connection *c);
+
+void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue *writequeue);
+
+/* TODO: writev #ifdef guard */
+struct iovec * packet_queue_to_iovec(struct Queue *queue, int *ret_iov_count);
+void packet_queue_consume(struct Queue *queue, ssize_t written);
+
+#ifdef DROPBEAR_TCP_FAST_OPEN
+/* Try for any Linux builds, will fall back if the kernel doesn't support it */
+void set_listen_fast_open(int sock);
+/* Define values which may be supported by the kernel even if the libc is too old */
+#ifndef TCP_FASTOPEN
+#define TCP_FASTOPEN 23
+#endif
+#ifndef MSG_FASTOPEN
+#define MSG_FASTOPEN 0x20000000
+#endif
+#endif
+
+#endif
+
--- a/packet.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/packet.c	Sat Feb 28 23:25:16 2015 +0800
@@ -34,6 +34,7 @@
 #include "service.h"
 #include "auth.h"
 #include "channel.h"
+#include "netio.h"
 
 static int read_packet_init();
 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
@@ -55,14 +56,10 @@
 /* non-blocking function writing out a current encrypted packet */
 void write_packet() {
 
-	int len, written;
-	buffer * writebuf = NULL;
-	unsigned packet_type;
+	ssize_t written;
 #ifdef HAVE_WRITEV
 	struct iovec *iov = NULL;
-	int i;
-	struct Link *l;
-	int iov_max_count;
+	int iov_count;
 #endif
 	
 	TRACE2(("enter write_packet"))
@@ -70,62 +67,28 @@
 
 #if defined(HAVE_WRITEV) && (defined(IOV_MAX) || defined(UIO_MAXIOV))
 
-#ifndef IOV_MAX
-#define IOV_MAX UIO_MAXIOV
-#endif
-
-	/* Make sure the size of the iov is below the maximum allowed by the OS. */
-	iov_max_count = ses.writequeue.count;
-	if (iov_max_count > IOV_MAX)
-	{
-		iov_max_count = IOV_MAX;
-	}
-
-	iov = m_malloc(sizeof(*iov) * iov_max_count);
-	for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)
-	{
-		writebuf = (buffer*)l->item;
-		packet_type = writebuf->data[writebuf->len-1];
-		len = writebuf->len - 1 - writebuf->pos;
-		dropbear_assert(len > 0);
-		TRACE2(("write_packet writev #%d  type %d len %d/%d", i, packet_type,
-				len, writebuf->len-1))
-		iov[i].iov_base = buf_getptr(writebuf, len);
-		iov[i].iov_len = len;
-	}
+	iov = packet_queue_to_iovec(&ses.writequeue, &iov_count);
 	/* This may return EAGAIN. The main loop sometimes
 	calls write_packet() without bothering to test with select() since
 	it's likely to be necessary */
-	written = writev(ses.sock_out, iov, iov_max_count);
+	written = writev(ses.sock_out, iov, iov_count);
 	if (written < 0) {
 		if (errno == EINTR || errno == EAGAIN) {
+			TRACE2(("leave write_packet: EINTR"))
 			m_free(iov);
-			TRACE2(("leave write_packet: EINTR"))
 			return;
 		} else {
 			dropbear_exit("Error writing: %s", strerror(errno));
 		}
 	}
+	m_free(iov);
+
+	packet_queue_consume(&ses.writequeue, written);
 
 	if (written == 0) {
 		ses.remoteclosed();
 	}
 
-	while (written > 0) {
-		writebuf = (buffer*)examine(&ses.writequeue);
-		len = writebuf->len - 1 - writebuf->pos;
-		if (len > written) {
-			/* partial buffer write */
-			buf_incrpos(writebuf, written);
-			written = 0;
-		} else {
-			written -= len;
-			dequeue(&ses.writequeue);
-			buf_free(writebuf);
-		}
-	}
-
-	m_free(iov);
 #else /* No writev () */
 	/* Get the next buffer in the queue of encrypted packets to write*/
 	writebuf = (buffer*)examine(&ses.writequeue);
--- a/packet.h	Tue Feb 24 22:48:34 2015 +0800
+++ b/packet.h	Sat Feb 28 23:25:16 2015 +0800
@@ -27,6 +27,7 @@
 #define DROPBEAR_PACKET_H_
 
 #include "includes.h"
+#include "queue.h"
 
 void write_packet();
 void read_packet();
--- a/session.h	Tue Feb 24 22:48:34 2015 +0800
+++ b/session.h	Sat Feb 28 23:25:16 2015 +0800
@@ -38,6 +38,7 @@
 #include "tcpfwd.h"
 #include "chansession.h"
 #include "dbutil.h"
+#include "netio.h"
 
 extern int sessinitdone; /* Is set to 0 somewhere */
 extern int exitflag;
@@ -60,7 +61,8 @@
 void svr_dropbear_log(int priority, const char* format, va_list param);
 
 /* Client */
-void cli_session(int sock_in, int sock_out) ATTRIB_NORETURN;
+void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress) ATTRIB_NORETURN;
+void cli_connected(int result, int sock, void* userdata, const char *errstring);
 void cleantext(unsigned char* dirtytext);
 
 /* crypto parameters that are stored individually for transmit and receive */
@@ -144,6 +146,8 @@
 	
 	int signal_pipe[2]; /* stores endpoints of a self-pipe used for
 						   race-free signal handling */
+
+	m_list conn_pending;
 						
 	/* time of the last packet send/receive, for keepalive. Not real-world clock */
 	time_t last_packet_time_keepalive_sent;
--- a/signkey.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/signkey.c	Sat Feb 28 23:25:16 2015 +0800
@@ -140,7 +140,7 @@
 
 	unsigned char* ident;
 	unsigned int len;
-	int keytype;
+	enum signkey_type keytype;
 	int ret = DROPBEAR_FAILURE;
 
 	TRACE2(("enter buf_get_pub_key"))
@@ -210,7 +210,7 @@
 
 	unsigned char* ident;
 	unsigned int len;
-	int keytype;
+	enum signkey_type keytype;
 	int ret = DROPBEAR_FAILURE;
 
 	TRACE2(("enter buf_get_priv_key"))
--- a/svr-main.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/svr-main.c	Sat Feb 28 23:25:16 2015 +0800
@@ -138,7 +138,6 @@
 	}
 
 	for (i = 0; i < listensockcount; i++) {
-		set_sock_priority(listensocks[i], DROPBEAR_PRIO_LOWDELAY);
 		FD_SET(listensocks[i], &fds);
 	}
 
@@ -403,9 +402,9 @@
 }
 
 /* Set up listening sockets for all the requested ports */
-static size_t listensockets(int *sock, size_t sockcount, int *maxfd) {
-	
-	unsigned int i;
+static size_t listensockets(int *socks, size_t sockcount, int *maxfd) {
+
+	unsigned int i, n;
 	char* errstring = NULL;
 	size_t sockpos = 0;
 	int nsock;
@@ -416,7 +415,7 @@
 
 		TRACE(("listening on '%s:%s'", svr_opts.addresses[i], svr_opts.ports[i]))
 
-		nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &sock[sockpos], 
+		nsock = dropbear_listen(svr_opts.addresses[i], svr_opts.ports[i], &socks[sockpos], 
 				sockcount - sockpos,
 				&errstring, maxfd);
 
@@ -427,6 +426,14 @@
 			continue;
 		}
 
+		for (n = 0; n < (unsigned int)nsock; n++) {
+			int sock = socks[sockpos + n];
+			set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY);
+#ifdef DROPBEAR_TCP_FAST_OPEN
+			set_listen_fast_open(sock);
+#endif
+		}
+
 		sockpos += nsock;
 
 	}
--- a/svr-tcpfwd.c	Tue Feb 24 22:48:34 2015 +0800
+++ b/svr-tcpfwd.c	Sat Feb 28 23:25:16 2015 +0800
@@ -33,6 +33,7 @@
 #include "listener.h"
 #include "runopts.h"
 #include "auth.h"
+#include "netio.h"
 
 #ifndef ENABLE_SVR_REMOTETCPFWD
 
@@ -236,7 +237,6 @@
 	unsigned char* orighost = NULL;
 	unsigned int origport;
 	char portstring[NI_MAXSERV];
-	int sock;
 	int len;
 	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
 
@@ -270,19 +270,7 @@
 	}
 
 	snprintf(portstring, sizeof(portstring), "%d", destport);
-	sock = connect_remote(desthost, portstring, NULL);
-	if (sock < 0) {
-		err = SSH_OPEN_CONNECT_FAILED;
-		TRACE(("leave newtcpdirect: sock failed"))
-		goto out;
-	}
-
-	ses.maxfd = MAX(ses.maxfd, sock);
-
-	 /* We don't set readfd, that will get set after the connection's
-	 * progress succeeds */
-	channel->writefd = sock;
-	channel->initconn = 1;
+	channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done, channel);
 
 	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
 	
--- a/sysoptions.h	Tue Feb 24 22:48:34 2015 +0800
+++ b/sysoptions.h	Sat Feb 28 23:25:16 2015 +0800
@@ -262,4 +262,9 @@
 /* Use this string since some implementations might special-case it */
 #define DROPBEAR_KEEPALIVE_STRING "[email protected]"
 
+/* Linux will attempt TCP fast open, falling back if not supported by the kernel */
+#ifdef __linux__
+#define DROPBEAR_TCP_FAST_OPEN 1
+#endif
+
 /* no include guard for this file */