
- more tls hooks

Andrei Pelinescu-Onciul authored on 01/07/2003 20:23:51
Showing 10 changed files
... ...
@@ -112,6 +112,9 @@ int do_action(struct action* a, struct sip_msg* msg)
112 112
 #ifdef USE_TCP
113 113
 			else if (a->type==FORWARD_TCP_T) proto= PROTO_TCP;
114 114
 #endif
115
+#ifdef USE_TLS
116
+			else if (a->type==FORWARD_TLS_T) proto= PROTO_TLS;
117
+#endif
115 118
 			else proto=msg->rcv.proto;
116 119
 			if (a->p1_type==URIHOST_ST){
117 120
 				/*parse uri*/
... ...
@@ -151,6 +154,9 @@ int do_action(struct action* a, struct sip_msg* msg)
151 151
 #ifdef USE_TCP
152 152
 					case PROTO_TCP:
153 153
 #endif
154
+#ifdef USE_TLS
155
+					case PROTO_TLS:
156
+#endif
154 157
 						proto=u->proto;
155 158
 						break;
156 159
 					default:
... ...
@@ -224,7 +230,7 @@ int do_action(struct action* a, struct sip_msg* msg)
224 224
 #ifdef USE_TCP
225 225
 					else{
226 226
 					/*tcp*/
227
-					ret=tcp_send(msg->buf, msg->len, to, 0);
227
+					ret=tcp_send(PROTO_TCP, msg->buf, msg->len, to, 0);
228 228
 				}
229 229
 #endif
230 230
 			}
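Review bot: The rewritten call passes the constant PROTO_TCP to tcp_send even though this same function now resolves `proto` to PROTO_TLS for FORWARD_TLS_T (first hunk), so a forward_tls action that reaches this `/*tcp*/` branch would be written over plain TCP. The branch's guarding condition is outside the hunk; if it admits PROTO_TLS, the argument should be the variable, `ret=tcp_send(proto, msg->buf, msg->len, to, 0);`, and the comment should read `/* tcp or tls */`, which also matches how msg_send passes `proto` in a later hunk. If the condition is meant to exclude TLS, a one-line comment saying so would save the next reader the same question.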
... ...
@@ -75,6 +75,7 @@
75 75
 FORWARD	forward
76 76
 FORWARD_TCP	forward_tcp
77 77
 FORWARD_UDP	forward_udp
78
+FORWARD_TLS	forward_tls
78 79
 DROP	"drop"|"break"
79 80
 SEND	send
80 81
 SEND_TCP	send_tcp
... ...
@@ -209,6 +210,7 @@ EAT_ABLE	[\ \t\b\r]
209 209
 
210 210
 <INITIAL>{FORWARD}	{count(); yylval.strval=yytext; return FORWARD; }
211 211
 <INITIAL>{FORWARD_TCP}	{count(); yylval.strval=yytext; return FORWARD_TCP; }
212
+<INITIAL>{FORWARD_TLS}	{count(); yylval.strval=yytext; return FORWARD_TLS; }
212 213
 <INITIAL>{FORWARD_UDP}	{count(); yylval.strval=yytext; return FORWARD_UDP; }
213 214
 <INITIAL>{DROP}	{ count(); yylval.strval=yytext; return DROP; }
214 215
 <INITIAL>{SEND}	{ count(); yylval.strval=yytext; return SEND; }
... ...
@@ -103,6 +103,7 @@ int rt;  /* Type of route block for find_export */
103 103
 /* keywords */
104 104
 %token FORWARD
105 105
 %token FORWARD_TCP
106
+%token FORWARD_TLS
106 107
 %token FORWARD_UDP
107 108
 %token SEND
108 109
 %token SEND_TCP
... ...
@@ -921,6 +922,71 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,
921 921
 		| FORWARD_TCP error { $$=0; yyerror("missing '(' or ')' ?"); }
922 922
 		| FORWARD_TCP LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
923 923
 										"argument"); }
924
+		| FORWARD_TLS LPAREN host RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
925
+														STRING_ST,
926
+														NUMBER_ST,
927
+														$3,
928
+														0);
929
+										}
930
+		| FORWARD_TLS LPAREN STRING RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
931
+														STRING_ST,
932
+														NUMBER_ST,
933
+														$3,
934
+														0);
935
+										}
936
+		| FORWARD_TLS LPAREN ip RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
937
+														IP_ST,
938
+														NUMBER_ST,
939
+														(void*)$3,
940
+														0);
941
+										}
942
+		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { $$=mk_action(
943
+																FORWARD_TLS_T,
944
+																 STRING_ST,
945
+																 NUMBER_ST,
946
+																$3,
947
+																(void*)$5);
948
+												 }
949
+		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {$$=mk_action(
950
+																FORWARD_TLS_T,
951
+																 STRING_ST,
952
+																 NUMBER_ST,
953
+																$3,
954
+																(void*)$5);
955
+													}
956
+		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN { $$=mk_action(FORWARD_TLS_T,
957
+																 IP_ST,
958
+																 NUMBER_ST,
959
+																 (void*)$3,
960
+																(void*)$5);
961
+												  }
962
+		| FORWARD_TLS LPAREN URIHOST COMMA URIPORT RPAREN {
963
+													$$=mk_action(FORWARD_TLS_T,
964
+																 URIHOST_ST,
965
+																 URIPORT_ST,
966
+																0,
967
+																0);
968
+													}
969
+													
970
+									
971
+		| FORWARD_TLS LPAREN URIHOST COMMA NUMBER RPAREN {
972
+													$$=mk_action(FORWARD_TLS_T,
973
+																 URIHOST_ST,
974
+																 NUMBER_ST,
975
+																0,
976
+																(void*)$5);
977
+													}
978
+		| FORWARD_TLS LPAREN URIHOST RPAREN {
979
+													$$=mk_action(FORWARD_TLS_T,
980
+																 URIHOST_ST,
981
+																 NUMBER_ST,
982
+																0,
983
+																0);
984
+										}
985
+		| FORWARD_TLS error { $$=0; yyerror("missing '(' or ')' ?"); }
986
+		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
987
+										"argument"); }
988
+		
924 989
 		| SEND LPAREN host RPAREN	{ $$=mk_action(	SEND_T,
925 990
 													STRING_ST,
926 991
 													NUMBER_ST,
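Review bot: The error rule `FORWARD_TLS LPAREN error RPAREN` reports `"bad forward_tcp"`, copied from the forward_tcp rule, so a user who mistypes a forward_tls argument is pointed at the wrong statement. Change it to `yyerror("bad forward_tls " "argument");` — the added space also fixes the run-together word ("forward_tcpargument") that the forward_tcp rule above already produces and that is worth fixing there too. The three whitespace-only lines between the URIHOST alternatives and before `| SEND` are stray and should be dropped.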
... ...
@@ -176,6 +176,21 @@ struct socket_info* get_send_socket(union sockaddr_union* to, int proto)
176 176
 			}
177 177
 			break;
178 178
 #endif
179
+#ifdef USE_TLS
180
+		case PROTO_TLS:
181
+			switch(to->s.sa_family){
182
+				/* FIXME */
183
+				case AF_INET:	send_sock=sendipv4_tls;
184
+								break;
185
+#ifdef USE_IPV6
186
+				case AF_INET6:	send_sock=sendipv6_tls;
187
+								break;
188
+#endif
189
+				default:	LOG(L_ERR, "get_send_socket: BUG: don't know how"
190
+									" to forward to af %d\n", to->s.sa_family);
191
+			}
192
+			break;
193
+#endif /* USE_TLS */
179 194
 		case PROTO_UDP:
180 195
 			if ((bind_address==0)||(to->s.sa_family!=bind_address->address.af)||
181 196
 				  (bind_address->proto!=PROTO_UDP)){
... ...
@@ -482,7 +497,11 @@ int forward_reply(struct sip_msg* msg)
482 482
 
483 483
 
484 484
 #ifdef USE_TCP
485
-	if (proto==PROTO_TCP){
485
+	if (proto==PROTO_TCP
486
+#ifdef USE_TLS
487
+			|| proto==PROTO_TLS
488
+#endif
489
+			){
486 490
 		/* find id in i param if it exists */
487 491
 		if (msg->via1->i&&msg->via1->i->value.s){
488 492
 			s=msg->via1->i->value.s;
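Review bot: The bare `/* FIXME */` in the new PROTO_TLS case of get_send_socket does not say what is unfinished, so nobody can tell when it is done; since the code selects the socket by address family alone, `/* FIXME: TLS send socket picked by address family only */` would record the actual gap. The default branch logs a BUG but leaves send_sock untouched, and whether the caller then sees 0 depends on how send_sock is initialised before the switch, which is outside the hunk; if it is not, `send_sock=0;` after the LOG would make the failure explicit instead of returning a stale value. The function body continues outside the hunk.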
... ...
@@ -106,14 +106,30 @@ static inline int msg_send(	struct socket_info* send_sock, int proto,
106 106
 					" support is disabled\n");
107 107
 			goto error;
108 108
 		}else{
109
-			if (tcp_send(buf, len, to, id)<0){
109
+			if (tcp_send(proto, buf, len, to, id)<0){
110 110
 				STATS_TX_DROPS;
111 111
 				LOG(L_ERR, "msg_send: ERROR: tcp_send failed\n");
112 112
 				goto error;
113 113
 			}
114 114
 		}
115 115
 	}
116
-#endif
116
+#ifdef USE_TLS
117
+	else if (proto==PROTO_TLS){
118
+		if (tls_disable){
119
+			STATS_TX_DROPS;
120
+			LOG(L_WARN, "msg_send: WARNING: attempt to send on tls and tls"
121
+					" support is disabled\n");
122
+			goto error;
123
+		}else{
124
+			if (tcp_send(proto, buf, len, to, id)<0){
125
+				STATS_TX_DROPS;
126
+				LOG(L_ERR, "msg_send: ERROR: tcp_send failed\n");
127
+				goto error;
128
+			}
129
+		}
130
+	}
131
+#endif /* USE_TLS */
132
+#endif /* USE_TCP */
117 133
 	else{
118 134
 			LOG(L_CRIT, "BUG: msg_send: unknown proto %d\n", proto);
119 135
 			goto error;
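Review bot: The new PROTO_TLS branch in msg_send is a verbatim copy of the PROTO_TCP branch above it, differing only in the runtime flag it tests (`tls_disable`) and the warning text; two copies of the same drop/log/goto sequence will drift apart the first time one is edited. Since tcp_send now takes `proto`, both could become one `else if (proto==PROTO_TCP || proto==PROTO_TLS)` whose disable check is selected by `proto`, with the `#ifdef USE_TLS` guards kept around the TLS parts; the start of the TCP branch is outside the hunk, so this is a suggestion rather than a patch. Refusing to send when `tls_disable` is set, rather than falling back to plain TCP, is the right behaviour and should be kept. `tls_disable` and PROTO_TLS must be declared before this inline function; the header's includes are not visible in the hunk.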
... ...
@@ -67,6 +67,11 @@ extern struct socket_info* sendipv4_tcp; /* ipv4 socket to use when msg.
67 67
 extern struct socket_info* sendipv6_tcp; /* same as above for ipv6 */
68 68
 extern int unix_tcp_sock; /* socket used for communication with tcp main*/
69 69
 #endif
70
+#ifdef USE_TLS
71
+extern struct socket_info* sendipv4_tls; /* ipv4 socket to use when msg.
72
+										comes from ipv6*/
73
+extern struct socket_info* sendipv6_tls; /* same as above for ipv6 */
74
+#endif
70 75
 
71 76
 extern unsigned int maxbuffer;
72 77
 extern int children_no;
... ...
@@ -1164,7 +1164,11 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
1164 1164
 	
1165 1165
 #ifdef USE_TCP
1166 1166
 	/* add id if tcp */
1167
-	if (msg->rcv.proto==PROTO_TCP){
1167
+	if (msg->rcv.proto==PROTO_TCP
1168
+#ifdef USE_TLS
1169
+			|| msg->rcv.proto==PROTO_TLS
1170
+#endif
1171
+			){
1168 1172
 		if  ((id_buf=id_builder(msg, &id_len))==0){
1169 1173
 			LOG(L_ERR, "ERROR: build_req_buf_from_sip_req:"
1170 1174
 							" id_builder failed\n");
... ...
@@ -1174,7 +1178,11 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,
1174 1174
 		extra_params.len=id_len;
1175 1175
 	}
1176 1176
 	/* if sending proto == tcp, check if Content-Length needs to be added*/
1177
-	if (proto==PROTO_TCP){
1177
+	if (proto==PROTO_TCP
1178
+#ifdef USE_TLS
1179
+			|| proto==PROTO_TLS
1180
+#endif
1181
+			){
1178 1182
 		/* first of all parse content-length */
1179 1183
 		if (parse_headers(msg, HDR_CONTENTLENGTH, 0)==-1){
1180 1184
 			LOG(L_ERR, "build_req_buf_from_sip_req:"
... ...
@@ -1390,7 +1398,11 @@ char * build_res_buf_from_sip_res( struct sip_msg* msg,
1390 1390
 #ifdef USE_TCP
1391 1391
 
1392 1392
 	/* if sending proto == tcp, check if Content-Length needs to be added*/
1393
-	if (msg->via2 && (msg->via2->proto==PROTO_TCP)){
1393
+	if (msg->via2 && ((msg->via2->proto==PROTO_TCP)
1394
+#ifdef USE_TLS
1395
+				|| (msg->via2->proto==PROTO_TLS)
1396
+#endif
1397
+				)){
1394 1398
 		DBG("build_res_from_sip_res: checking content-length for \n%.*s\n",
1395 1399
 				(int)msg->len, msg->buf);
1396 1400
 		/* first of all parse content-length */
... ...
@@ -1872,6 +1884,8 @@ char* via_builder( unsigned int *len,
1872 1872
 		/* dop nothing */
1873 1873
 	}else if (proto==PROTO_TCP){
1874 1874
 		memcpy(line_buf+MY_VIA_LEN-4, "TCP ", 4);
1875
+	}else if (proto==PROTO_TLS){
1876
+		memcpy(line_buf+MY_VIA_LEN-4, "TLS", 4);
1875 1877
 	}else{
1876 1878
 		LOG(L_CRIT, "BUG: via_builder: unknown proto %d\n", proto);
1877 1879
 		return 0;
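Review bot: `memcpy(line_buf+MY_VIA_LEN-4, "TLS", 4)` copies the string's terminating NUL as the fourth byte, whereas the TCP branch copies `"TCP "` with a trailing space; the Via line therefore carries `TLS\0` and the NUL lands where the separator before the sent-by host belongs. Use `memcpy(line_buf+MY_VIA_LEN-4, "TLS ", 4);`. This PROTO_TLS branch is also the only one on this page not wrapped in `#ifdef USE_TLS`, unlike the three earlier hunks in build_req_buf_from_sip_req and build_res_buf_from_sip_res; it compiles only if PROTO_TLS is defined unconditionally, and either way the file should be consistent about the guard.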
... ...
@@ -64,6 +64,7 @@ enum { FORWARD_T=1, SEND_T, DROP_T, LOG_T, ERROR_T, ROUTE_T, EXEC_T,
64 64
 		REVERT_URI_T,
65 65
 		FORWARD_TCP_T,
66 66
 		FORWARD_UDP_T,
67
+		FORWARD_TLS_T,
67 68
 		SEND_TCP_T,
68 69
 		FORCE_RPORT_T
69 70
 };
... ...
@@ -368,7 +368,8 @@ void tcpconn_put(struct tcp_connection* c)
368 368
 
369 369
 
370 370
 /* finds a tcpconn & sends on it */
371
-int tcp_send(char* buf, unsigned len, union sockaddr_union* to, int id)
371
+int tcp_send(int type, char* buf, unsigned len, union sockaddr_union* to,
372
+				int id)
372 373
 {
373 374
 	struct tcp_connection *c;
374 375
 	struct ip_addr ip;
... ...
@@ -406,7 +407,7 @@ no_id:
406 406
 		if (c==0){
407 407
 			DBG("tcp_send: no open tcp connection found, opening new one\n");
408 408
 			/* create tcp connection */
409
-			if ((c=tcpconn_connect(to, PROTO_TCP))==0){
409
+			if ((c=tcpconn_connect(to, type))==0){
410 410
 				LOG(L_ERR, "ERROR: tcp_send: connect failed\n");
411 411
 				return -1;
412 412
 			}
... ...
@@ -457,7 +458,12 @@ get_fd:
457 457
 send_it:
458 458
 	DBG("tcp_send: sending...\n");
459 459
 	lock_get(&c->write_lock);
460
-	n=send(fd, buf, len,
460
+#ifdef USE_TLS
461
+	if (c->type==PROTO_TLS)
462
+		n=tls_blocking_write(c, fd, buf, len);
463
+	else
464
+#endif
465
+		n=send(fd, buf, len,
461 466
 #ifdef HAVE_MSG_NOSIGNAL
462 467
 			MSG_NOSIGNAL
463 468
 #else
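Review bot: The new `type` parameter of tcp_send is consulted only when a connection is opened (`tcpconn_connect(to, type)`); the existing-connection lookups before that are outside the hunk and, from what is visible, are not compared against `type`, so the write path is decided by `c->type` rather than by what the caller requested. If a lookup by id or by address can return a PROTO_TCP connection for a PROTO_TLS request, the message would go out through plain send(); a check such as `if (c->type!=type) { /* do not reuse: wrong protocol */ }` after each lookup, or a type-aware lookup, would close that. The header comment `/* finds a tcpconn & sends on it */` should mention the new argument, e.g. `/* finds a tcpconn of the given type (or opens one) & sends on it */`. The `#ifdef USE_TLS if … else #endif` in front of the multi-line send() call is correct but fragile; bracing both arms would keep the structure intact under later edits.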
... ...
@@ -37,7 +37,8 @@
37 37
 struct tcp_connection* tcpconn_get(int id, struct ip_addr* ip, int port, 
38 38
 									int timeout);
39 39
 void tcpconn_put(struct tcp_connection* c);
40
-int tcp_send(char* buf, unsigned len, union sockaddr_union* to, int id);
40
+int tcp_send(int type, char* buf, unsigned len, union sockaddr_union* to,
41
+			int id);
41 42
 
42 43
 
43 44