From 84ff2ab2eef363d8eb680a06f043ecb06cfc803a Mon Sep 17 00:00:00 2001
From: byronhe
Date: Wed, 11 Nov 2015 12:38:54 -0500
Subject: [PATCH 1/2] 1.SO_REUSEPORT should listen() after fork. 2.add some security CFLAGS

---
 Makefile | 3 +++
 stud.c | 31 ++++++++++++++++++++++---------
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/Makefile b/Makefile
index eba3e9c..d3fad5a 100644
--- a/Makefile
+++ b/Makefile
@@ -11,6 +11,9 @@ CFLAGS = -O2 -g -std=c99 -fno-strict-aliasing -Wall -W -D_GNU_SOURCE -I/usr/loc
 LDFLAGS = -lssl -lcrypto -lev -L/usr/local/lib
 OBJS = stud.o ringbuffer.o configuration.o
 
+#Some security enhancement
+CFLAGS += -fstack-protector --param=ssp-buffer-size=4 -Wp,-D_FORTIFY_SOURCE=2
+
 all: realall
 
 # Shared cache feature
diff --git a/stud.c b/stud.c
index 1e83617..343b27f 100644
--- a/stud.c
+++ b/stud.c
@@ -848,6 +848,20 @@ static int create_main_socket() {
 return s;
 }
 
+
+void do_listen(){
+ listener_socket = create_main_socket();
+
+#ifdef USE_SHARED_CACHE
+ if (CONFIG->SHCUPD_PORT) {
+ /* create socket to send(children) and
+ receive(parent) cache updates */
+ shcupd_socket = create_shcupd_socket();
+ }
+#endif /* USE_SHARED_CACHE */
+}
+
+
 /* Initiate a clear-text nonblocking connect() to the backend IP on behalf
 * of a newly connected upstream (encrypted) client*/
 static int create_back_socket() {
@@ -1520,6 +1534,10 @@ static void handle_connections() {
 /* child cannot create new children... */
 create_workers = 0;
 
+#ifdef SO_REUSEPORT
+ do_listen();
+#endif
+
 #if defined(CPU_ZERO) && defined(CPU_SET)
 cpu_set_t cpus;
 
@@ -1802,6 +1820,7 @@ void openssl_check_version() {
 LOG("{core} Using OpenSSL version %lx.\n", (unsigned long int) openssl_version);
 }
 
+
 /* Process command line args, create the bound socket,
 * spawn child (worker) processes, and respawn if any die */
 int main(int argc, char **argv) {
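Review bot: The hardening added to `CFLAGS` covers only compilation; the link step in `LDFLAGS` gets no matching flags, so the binary is still produced without RELRO or immediate binding. Consider adding `LDFLAGS += -Wl,-z,relro -Wl,-z,now` next to the new line, and using `-fstack-protector-strong` instead of `-fstack-protector --param=ssp-buffer-size=4` where the compiler supports it, since it also protects functions with address-taken locals and non-char arrays that the 4-byte buffer threshold skips. `_FORTIFY_SOURCE=2` only does anything at `-O1` or above, which the existing `-O2` in `CFLAGS` satisfies; a comment such as `# Hardening: _FORTIFY_SOURCE is a no-op without -O` would keep that dependency visible if someone later builds with `-O0`.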
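Review bot: `do_listen` is defined with external linkage while its neighbours `create_main_socket` and `create_back_socket` are `static`; unless another translation unit needs it, `static void do_listen()` keeps it file-local and lets `-Wall -W` report it if it ever becomes unused. A larger concern is what was moved into it: the comment on the shared-cache block says the parent receives cache updates on `shcupd_socket`, but with `SO_REUSEPORT` defined `do_listen()` is called only on the worker path (the `handle_connections` hunk) and no longer from `main()` (the `@@ -1819,15 +1838,9 @@` hunk), so the parent never creates that socket and every worker creates its own. Unless `create_shcupd_socket()` is safe and intended to run once per worker, which is not visible here, the `USE_SHARED_CACHE` block should stay in `main()` and `do_listen()` should reduce to `listener_socket = create_main_socket();`. A header comment such as `/* Create, bind and listen on the public socket; under SO_REUSEPORT each worker calls this after fork so its own socket joins the reuseport group. */` would document why this is a separate function.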
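Review bot: The new `do_listen()` call binds the public port inside the worker after `fork()`, which changes the process identity doing the bind: if `main()` drops privileges or enters a chroot before spawning workers (the removed lines in `main()` ran before `init_openssl()`, i.e. while the process still had its startup identity), binding a privileged port such as 443 will now fail with `EACCES` in every worker, and on Linux all sockets in one `SO_REUSEPORT` group must be created under the same effective UID. Please confirm the ordering of `do_listen()` relative to any privilege drop, and make a failed `create_main_socket()` in a worker logged and fatal rather than leaving `listener_socket` in whatever state the worker inherited. Note also that `#ifdef SO_REUSEPORT` only proves the headers define the option; if `create_main_socket()` treats a failing `setsockopt(SO_REUSEPORT)` as non-fatal, the second worker's `bind()` fails with `EADDRINUSE` on kernels without support. `handle_connections()` begins and ends outside this hunk.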
@@ -1819,15 +1838,9 @@ int main(int argc, char **argv) {
 
 init_globals();
 
- listener_socket = create_main_socket();
-
-#ifdef USE_SHARED_CACHE
- if (CONFIG->SHCUPD_PORT) {
- /* create socket to send(children) and
- receive(parent) cache updates */
- shcupd_socket = create_shcupd_socket();
- }
-#endif /* USE_SHARED_CACHE */
+#ifndef SO_REUSEPORT
+ do_listen();
+#endif
 
 /* load certificates, pass to handle_connections */
 init_openssl();

From ac0a73dc81dc280cf2df32352397a69126ebaa72 Mon Sep 17 00:00:00 2001
From: byronhe
Date: Wed, 11 Nov 2015 12:42:45 -0500
Subject: [PATCH 2/2] format

---
 stud.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/stud.c b/stud.c
index 343b27f..99e6f09 100644
--- a/stud.c
+++ b/stud.c
@@ -1820,7 +1820,6 @@ void openssl_check_version() {
 LOG("{core} Using OpenSSL version %lx.\n", (unsigned long int) openssl_version);
 }
 
-
 /* Process command line args, create the bound socket,
 * spawn child (worker) processes, and respawn if any die */
 int main(int argc, char **argv) {
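Review bot: With `SO_REUSEPORT` defined the parent now owns no listening socket at all, which loses two properties the removed lines provided: the configured address and port were validated once at startup before any worker existed, so a bad address or a port already in use failed fast with one clear error, and the port stayed bound for the parent's whole lifetime, so incoming connections could queue in the backlog while workers were being respawned. After this change the port is unbound until the first worker reaches `do_listen()` and again whenever every worker is being replaced, and a bind error only surfaces inside workers, which the comment above `main()` says the parent respawns. Consider keeping an early validation step in `main()` — resolving and test-binding the configured address and closing the socket before the workers are started — or at least having the parent stop respawning when a worker exits because `create_main_socket()` failed. `main()` continues outside this hunk.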