@@ -111,6 +111,9 @@ int do_action(struct action* a, struct sip_msg* msg)

 			if (a->type==FORWARD_UDP_T) proto=PROTO_UDP;

 #ifdef USE_TCP

 			else if (a->type==FORWARD_TCP_T) proto= PROTO_TCP;

+#endif

+#ifdef USE_TLS

+			else if (a->type==FORWARD_TLS_T) proto= PROTO_TLS;

 #endif

 			else proto=msg->rcv.proto;

 			if (a->p1_type==URIHOST_ST){

@@ -150,6 +153,9 @@ int do_action(struct action* a, struct sip_msg* msg)

 					case PROTO_UDP:

 #ifdef USE_TCP

 					case PROTO_TCP:

+#endif

+#ifdef USE_TLS

+					case PROTO_TLS:

 #endif

 						proto=u->proto;

 						break;

@@ -224,7 +230,7 @@ int do_action(struct action* a, struct sip_msg* msg)

 #ifdef USE_TCP

 					else{

 					/*tcp*/

-					ret=tcp_send(msg->buf, msg->len, to, 0);

+					ret=tcp_send(PROTO_TCP, msg->buf, msg->len, to, 0);

 				}

 #endif

 			}

@@ -75,6 +75,7 @@

 FORWARD	forward

 FORWARD_TCP	forward_tcp

 FORWARD_UDP	forward_udp

+FORWARD_TLS	forward_tls

 DROP	"drop"|"break"

 SEND	send

 SEND_TCP	send_tcp

@@ -209,6 +210,7 @@ EAT_ABLE	[\ \t\b\r]

 <INITIAL>{FORWARD}	{count(); yylval.strval=yytext; return FORWARD; }

 <INITIAL>{FORWARD_TCP}	{count(); yylval.strval=yytext; return FORWARD_TCP; }

+<INITIAL>{FORWARD_TLS}	{count(); yylval.strval=yytext; return FORWARD_TLS; }

 <INITIAL>{FORWARD_UDP}	{count(); yylval.strval=yytext; return FORWARD_UDP; }

 <INITIAL>{DROP}	{ count(); yylval.strval=yytext; return DROP; }

 <INITIAL>{SEND}	{ count(); yylval.strval=yytext; return SEND; }

@@ -103,6 +103,7 @@ int rt;  /* Type of route block for find_export */

 /* keywords */

 %token FORWARD

 %token FORWARD_TCP

+%token FORWARD_TLS

 %token FORWARD_UDP

 %token SEND

 %token SEND_TCP

@@ -921,6 +922,71 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,

 		| FORWARD_TCP error { $$=0; yyerror("missing '(' or ')' ?"); }

 		| FORWARD_TCP LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"

 										"argument"); }

+		| FORWARD_TLS LPAREN host RPAREN	{ $$=mk_action(	FORWARD_TLS_T,

+														STRING_ST,

+														NUMBER_ST,

+														$3,

+														0);

+										}

+		| FORWARD_TLS LPAREN STRING RPAREN	{ $$=mk_action(	FORWARD_TLS_T,

+														STRING_ST,

+														NUMBER_ST,

+														$3,

+														0);

+										}

+		| FORWARD_TLS LPAREN ip RPAREN	{ $$=mk_action(	FORWARD_TLS_T,

+														IP_ST,

+														NUMBER_ST,

+														(void*)$3,

+														0);

+										}

+		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { $$=mk_action(

+																FORWARD_TLS_T,

+																 STRING_ST,

+																 NUMBER_ST,

+																$3,

+																(void*)$5);

+												 }

+		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {$$=mk_action(

+																FORWARD_TLS_T,

+																 STRING_ST,

+																 NUMBER_ST,

+																$3,

+																(void*)$5);

+													}

+		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN { $$=mk_action(FORWARD_TLS_T,

+																 IP_ST,

+																 NUMBER_ST,

+																 (void*)$3,

+																(void*)$5);

+												  }

+		| FORWARD_TLS LPAREN URIHOST COMMA URIPORT RPAREN {

+													$$=mk_action(FORWARD_TLS_T,

+																 URIHOST_ST,

+																 URIPORT_ST,

+																0,

+																0);

+													}

+													

+									

+		| FORWARD_TLS LPAREN URIHOST COMMA NUMBER RPAREN {

+													$$=mk_action(FORWARD_TLS_T,

+																 URIHOST_ST,

+																 NUMBER_ST,

+																0,

+																(void*)$5);

+													}

+		| FORWARD_TLS LPAREN URIHOST RPAREN {

+													$$=mk_action(FORWARD_TLS_T,

+																 URIHOST_ST,

+																 NUMBER_ST,

+																0,

+																0);

+										}

+		| FORWARD_TLS error { $$=0; yyerror("missing '(' or ')' ?"); }

+		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"

+										"argument"); }

+		

 		| SEND LPAREN host RPAREN	{ $$=mk_action(	SEND_T,

 													STRING_ST,

 													NUMBER_ST,

@@ -176,6 +176,21 @@ struct socket_info* get_send_socket(union sockaddr_union* to, int proto)

 			}

 			break;

 #endif

+#ifdef USE_TLS

+		case PROTO_TLS:

+			switch(to->s.sa_family){

+				/* FIXME */

+				case AF_INET:	send_sock=sendipv4_tls;

+								break;

+#ifdef USE_IPV6

+				case AF_INET6:	send_sock=sendipv6_tls;

+								break;

+#endif

+				default:	LOG(L_ERR, "get_send_socket: BUG: don't know how"

+									" to forward to af %d\n", to->s.sa_family);

+			}

+			break;

+#endif /* USE_TLS */

 		case PROTO_UDP:

 			if ((bind_address==0)||(to->s.sa_family!=bind_address->address.af)||

 				  (bind_address->proto!=PROTO_UDP)){

@@ -482,7 +497,11 @@ int forward_reply(struct sip_msg* msg)

 #ifdef USE_TCP

-	if (proto==PROTO_TCP){

+	if (proto==PROTO_TCP

+#ifdef USE_TLS

+			|| proto==PROTO_TLS

+#endif

+			){

 		/* find id in i param if it exists */

 		if (msg->via1->i&&msg->via1->i->value.s){

 			s=msg->via1->i->value.s;

@@ -106,14 +106,30 @@ static inline int msg_send(	struct socket_info* send_sock, int proto,

 					" support is disabled\n");

 			goto error;

 		}else{

-			if (tcp_send(buf, len, to, id)<0){

+			if (tcp_send(proto, buf, len, to, id)<0){

 				STATS_TX_DROPS;

 				LOG(L_ERR, "msg_send: ERROR: tcp_send failed\n");

 				goto error;

 			}

 		}

 	}

-#endif

+#ifdef USE_TLS

+	else if (proto==PROTO_TLS){

+		if (tls_disable){

+			STATS_TX_DROPS;

+			LOG(L_WARN, "msg_send: WARNING: attempt to send on tls and tls"

+					" support is disabled\n");

+			goto error;

+		}else{

+			if (tcp_send(proto, buf, len, to, id)<0){

+				STATS_TX_DROPS;

+				LOG(L_ERR, "msg_send: ERROR: tcp_send failed\n");

+				goto error;

+			}

+		}

+	}

+#endif /* USE_TLS */

+#endif /* USE_TCP */

 	else{

 			LOG(L_CRIT, "BUG: msg_send: unknown proto %d\n", proto);

 			goto error;

@@ -67,6 +67,11 @@ extern struct socket_info* sendipv4_tcp; /* ipv4 socket to use when msg.

 extern struct socket_info* sendipv6_tcp; /* same as above for ipv6 */

 extern int unix_tcp_sock; /* socket used for communication with tcp main*/

 #endif

+#ifdef USE_TLS

+extern struct socket_info* sendipv4_tls; /* ipv4 socket to use when msg.

+										comes from ipv6*/

+extern struct socket_info* sendipv6_tls; /* same as above for ipv6 */

+#endif

 extern unsigned int maxbuffer;

 extern int children_no;

@@ -1164,7 +1164,11 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,

 #ifdef USE_TCP

 	/* add id if tcp */

-	if (msg->rcv.proto==PROTO_TCP){

+	if (msg->rcv.proto==PROTO_TCP

+#ifdef USE_TLS

+			|| msg->rcv.proto==PROTO_TLS

+#endif

+			){

 		if  ((id_buf=id_builder(msg, &id_len))==0){

 			LOG(L_ERR, "ERROR: build_req_buf_from_sip_req:"

 							" id_builder failed\n");

@@ -1174,7 +1178,11 @@ char * build_req_buf_from_sip_req( struct sip_msg* msg,

 		extra_params.len=id_len;

 	}

 	/* if sending proto == tcp, check if Content-Length needs to be added*/

-	if (proto==PROTO_TCP){

+	if (proto==PROTO_TCP

+#ifdef USE_TLS

+			|| proto==PROTO_TLS

+#endif

+			){

 		/* first of all parse content-length */

 		if (parse_headers(msg, HDR_CONTENTLENGTH, 0)==-1){

 			LOG(L_ERR, "build_req_buf_from_sip_req:"

@@ -1390,7 +1398,11 @@ char * build_res_buf_from_sip_res( struct sip_msg* msg,

 #ifdef USE_TCP

 	/* if sending proto == tcp, check if Content-Length needs to be added*/

-	if (msg->via2 && (msg->via2->proto==PROTO_TCP)){

+	if (msg->via2 && ((msg->via2->proto==PROTO_TCP)

+#ifdef USE_TLS

+				|| (msg->via2->proto==PROTO_TLS)

+#endif

+				)){

 		DBG("build_res_from_sip_res: checking content-length for \n%.*s\n",

 				(int)msg->len, msg->buf);

 		/* first of all parse content-length */

@@ -1872,6 +1884,8 @@ char* via_builder( unsigned int *len,

 		/* dop nothing */

 	}else if (proto==PROTO_TCP){

 		memcpy(line_buf+MY_VIA_LEN-4, "TCP ", 4);

+	}else if (proto==PROTO_TLS){

+		memcpy(line_buf+MY_VIA_LEN-4, "TLS", 4);

 	}else{

 		LOG(L_CRIT, "BUG: via_builder: unknown proto %d\n", proto);

 		return 0;

@@ -64,6 +64,7 @@ enum { FORWARD_T=1, SEND_T, DROP_T, LOG_T, ERROR_T, ROUTE_T, EXEC_T,

 		REVERT_URI_T,

 		FORWARD_TCP_T,

 		FORWARD_UDP_T,

+		FORWARD_TLS_T,

 		SEND_TCP_T,

 		FORCE_RPORT_T

 };

@@ -368,7 +368,8 @@ void tcpconn_put(struct tcp_connection* c)

 /* finds a tcpconn & sends on it */

-int tcp_send(char* buf, unsigned len, union sockaddr_union* to, int id)

+int tcp_send(int type, char* buf, unsigned len, union sockaddr_union* to,

+				int id)

 {

 	struct tcp_connection *c;

 	struct ip_addr ip;

@@ -406,7 +407,7 @@ no_id:

 		if (c==0){

 			DBG("tcp_send: no open tcp connection found, opening new one\n");

 			/* create tcp connection */

-			if ((c=tcpconn_connect(to, PROTO_TCP))==0){

+			if ((c=tcpconn_connect(to, type))==0){

 				LOG(L_ERR, "ERROR: tcp_send: connect failed\n");

 				return -1;

 			}

@@ -457,7 +458,12 @@ get_fd:

 send_it:

 	DBG("tcp_send: sending...\n");

 	lock_get(&c->write_lock);

-	n=send(fd, buf, len,

+#ifdef USE_TLS

+	if (c->type==PROTO_TLS)

+		n=tls_blocking_write(c, fd, buf, len);

+	else

+#endif

+		n=send(fd, buf, len,

 #ifdef HAVE_MSG_NOSIGNAL

 			MSG_NOSIGNAL

 #else

@@ -37,7 +37,8 @@

 struct tcp_connection* tcpconn_get(int id, struct ip_addr* ip, int port, 

 									int timeout);

 void tcpconn_put(struct tcp_connection* c);

-int tcp_send(char* buf, unsigned len, union sockaddr_union* to, int id);

+int tcp_send(int type, char* buf, unsigned len, union sockaddr_union* to,

+			int id);