
tls: execute event_route[tls:connection-out]

- done when a new outgoing tls connection is opened
- ongoing work, to allow an option to drop the connection based on
config decision

Daniel-Constantin Mierla authored on 26/05/2014 12:17:43
Showing 5 changed files
... ...
@@ -348,6 +348,7 @@ static int mod_init(void)
348 348
 #ifndef OPENSSL_NO_DH
349 349
 	LM_INFO("With Diffie Hellman\n");
350 350
 #endif
351
+	tls_lookup_event_routes();
351 352
 	return 0;
352 353
 error:
353 354
 	destroy_tls_h();
... ...
@@ -101,11 +101,21 @@ enum {
101 101
 
102 102
 
103 103
 
104
+static struct tcp_connection* _tls_pv_con = 0;
104 105
 
105 106
 
107
+void tls_set_pv_con(struct tcp_connection *c)
108
+{
109
+	_tls_pv_con = c;
110
+}
111
+
106 112
 struct tcp_connection* get_cur_connection(struct sip_msg* msg)
107 113
 {
108 114
 	struct tcp_connection* c;
115
+
116
+	if(_tls_pv_con != 0)
117
+		return _tls_pv_con;
118
+
109 119
 	if (msg->rcv.proto != PROTO_TLS) {
110 120
 		ERR("Transport protocol is not TLS (bug in config)\n");
111 121
 		return 0;
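Review bot: The new early `return _tls_pv_con;` in get_cur_connection() hands back the stored pointer and skips every check and lookup in the rest of the function, which continues outside this hunk. If the normal path returns a connection with a reference taken that callers later release (to be confirmed against the callers, which are not visible here), this path would make them drop a reference they never acquired, and a connection still in use could be freed. Either take the reference on this path too, or state the contract on `tls_set_pv_con()`, for example `/* borrowed pointer, valid only while the event route runs; not reference-counted */`, and make sure callers can tell the two cases apart.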
... ...
@@ -43,9 +43,12 @@
43 43
 
44 44
 #include "../../select.h"
45 45
 #include "../../pvar.h"
46
+#include "../../tcp_conn.h"
46 47
 
47 48
 extern select_row_t tls_sel[];
48 49
 
49 50
 extern pv_export_t tls_pv[];
50 51
 
52
+void tls_set_pv_con(struct tcp_connection *c);
53
+
51 54
 #endif /* _TLS_SELECT_H */
... ...
@@ -46,6 +46,9 @@
46 46
 #include "../../tcp_int_send.h"
47 47
 #include "../../tcp_read.h"
48 48
 #include "../../cfg/cfg.h"
49
+#include "../../route.h"
50
+#include "../../forward.h"
51
+#include "../../onsend.h"
49 52
 
50 53
 #include "tls_init.h"
51 54
 #include "tls_domain.h"
... ...
@@ -56,6 +59,8 @@
56 59
 #include "tls_dump_vf.h"
57 60
 #include "tls_cfg.h"
58 61
 
62
+int tls_run_event_routes(struct tcp_connection *c);
63
+
59 64
 /* low memory treshold for openssl bug #1491 workaround */
60 65
 #define LOW_MEM_NEW_CONNECTION_TEST() \
61 66
 	(cfg_get(tls, tls_cfg, low_mem_threshold1) && \
... ...
@@ -435,6 +440,7 @@ int tls_connect(struct tcp_connection *c, int* error)
435 440
 			LOG(tls_log, "tls_connect: server did not "
436 441
 							"present a certificate\n");
437 442
 		}
443
+		tls_run_event_routes(c);
438 444
 	} else { /* 0 or < 0 */
439 445
 		*error = SSL_get_error(ssl, ret);
440 446
 	}
... ...
@@ -1343,3 +1349,42 @@ bug:
1343 1349
 					c, flags, ssl_read, *flags);
1344 1350
 	return -1;
1345 1351
 }
1352
+
1353
+
1354
+static int _tls_evrt_connection_out = -1; /* default disabled */
1355
+
1356
+/*!
1357
+ * lookup tls event routes
1358
+ */
1359
+void tls_lookup_event_routes(void)
1360
+{
1361
+	_tls_evrt_connection_out=route_lookup(&event_rt, "tls:connection-out");
1362
+	if (_tls_evrt_connection_out>=0 && event_rt.rlist[_tls_evrt_connection_out]==0)
1363
+		_tls_evrt_connection_out=-1; /* disable */
1364
+	if(_tls_evrt_connection_out!=-1)
1365
+		forward_set_send_info(1);
1366
+}
1367
+
1368
+/**
1369
+ *
1370
+ */
1371
+int tls_run_event_routes(struct tcp_connection *c)
1372
+{
1373
+	int backup_rt;
1374
+	struct run_act_ctx ctx;
1375
+	sip_msg_t tmsg;
1376
+
1377
+	if(_tls_evrt_connection_out<0)
1378
+		return 0;
1379
+	if(p_onsend==0 || p_onsend->msg==0)
1380
+		return 0;
1381
+
1382
+	backup_rt = get_route_type();
1383
+	set_route_type(LOCAL_ROUTE);
1384
+	init_run_actions_ctx(&ctx);
1385
+	tls_set_pv_con(c);
1386
+	run_top_route(event_rt.rlist[_tls_evrt_connection_out], &tmsg, 0);
1387
+	tls_set_pv_con(0);
1388
+	set_route_type(backup_rt);
1389
+	return 0;
1390
+}
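Review bot: `tls_run_event_routes()` passes `&tmsg` to `run_top_route()` while `tmsg` is an uninitialized stack `sip_msg_t`, so any config function in `event_route[tls:connection-out]` that touches the message reads indeterminate memory. The guard already requires `p_onsend->msg` to be non-null but the function never uses it; passing that message (if it is the one being sent), or at minimum `memset(&tmsg, 0, sizeof(tmsg));` before the call, would give the route defined contents. `ctx` is set up by `init_run_actions_ctx(&ctx)` yet `0` is passed as the context argument, so the local is dead and the route's outcome cannot be inspected, which the planned option to drop the connection will need. The return value is also ignored at the call site in `tls_connect()`, and the empty `/** */` header should say that `_tls_pv_con` is set only for the duration of the route.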
... ...
@@ -93,4 +93,6 @@ int tls_h_fix_read_conn(struct tcp_connection *c);
93 93
 
94 94
 int tls_connect(struct tcp_connection *c, int* error);
95 95
 int tls_accept(struct tcp_connection *c, int* error);
96
+
97
+void tls_lookup_event_routes(void);
96 98
 #endif /* _TLS_SERVER_H */