TLS: on Linux when sockopt TCP_FASTOPEN_CONNECT is available, use TFO for TLS-on...

[exim.git] / src / src / transports / smtp.c
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c

index c669bd21084b968ddd61974e7e224bbf19745b6a..eb6b77416a7bbcd5019e946a052688f133fee420 100644 (file)
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -43,7 +43,7 @@ optionlist smtp_transport_options[] = {
    { "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) },
  # endif
    { "data_timeout",         opt_time,     LOFF(data_timeout) },
-  { "delay_after_cutoff", opt_bool,       LOFF(delay_after_cutoff) },
+  { "delay_after_cutoff",   opt_bool,     LOFF(delay_after_cutoff) },
  #ifndef DISABLE_DKIM
    { "dkim_canon", opt_stringptr,          LOFF(dkim.dkim_canon) },
    { "dkim_domain", opt_stringptr,         LOFF(dkim.dkim_domain) },
@@ -805,7 +805,7 @@ else
    uschar * ehlo_resp_key = ehlo_cache_key(sx);
    dbdata_ehlo_resp * er;
  
-  if (!(er = dbfn_read(dbm_file, ehlo_resp_key)))
+  if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
      { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
    else if (time(NULL) - er->time_stamp > retry_data_expire)
      {
@@ -2098,7 +2098,12 @@ PIPE_CONNECT_RETRY:
    else
  #endif
      {
-    if ((sx->cctx.sock = smtp_connect(&sx->conn_args, NULL)) < 0)
+    blob lazy_conn = {.data = NULL};
+    /* For TLS-connect, a TFO lazy-connect is useful since the Client Hello
+    can go on the TCP SYN. */
+
+    if ((sx->cctx.sock = smtp_connect(&sx->conn_args,
+                           sx->smtps ? &lazy_conn : NULL)) < 0)
        {
        set_errno_nohost(sx->addrlist,
         errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
@@ -2107,6 +2112,10 @@ PIPE_CONNECT_RETRY:
        sx->send_quit = FALSE;
        return DEFER;
        }
+#ifdef TCP_QUICKACK
+    (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
+                       sizeof(off));
+#endif
      }
    /* Expand the greeting message while waiting for the initial response. (Makes
    sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
@@ -2152,10 +2161,6 @@ will be?  Somehow I doubt it. */
      else
  #endif
        {
-#ifdef TCP_QUICKACK
-      (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
-                       sizeof(off));
-#endif
        if (!smtp_reap_banner(sx))
         goto RESPONSE_FAILED;
        }
@@ -4393,10 +4398,13 @@ This change is being made on 31-Jul-98. After over a year of trouble-free
  operation, the old commented-out code was removed on 17-Sep-99. */
  
  SEND_QUIT:
-#ifdef TCP_CORK
-(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_CORK, US &on, sizeof(on));
+if (sx->send_quit)
+  {
+#ifdef EXIM_TCP_CORK
+  (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
  #endif
-if (sx->send_quit) (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
+  (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
+  }
  
  END_OFF: