Module: sip-router Branch: andrei/tcp_tls_changes Commit: 0dbb49bd6e08cfd80bb65da23fe048511d3983b7 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0dbb49bd...
Author: Andrei Pelinescu-Onciul andrei@iptel.org Committer: Andrei Pelinescu-Onciul andrei@iptel.org Date: Fri Jun 4 18:43:15 2010 +0200
tls: rpc: tls.list and tls.options update
- tls.list update/cleanups (more detailed now) - tls.options - print also the new options. - code in tls_rpc.* is iptelorg only => changed (c) and license (BSD-like).
---
modules/tls/tls_rpc.c | 121 ++++++++++++++++++++++++++++++++----------------- modules/tls/tls_rpc.h | 23 ++++----- 2 files changed, 89 insertions(+), 55 deletions(-)
diff --git a/modules/tls/tls_rpc.c b/modules/tls/tls_rpc.c index 826f12c..650c972 100644 --- a/modules/tls/tls_rpc.c +++ b/modules/tls/tls_rpc.c @@ -4,24 +4,21 @@ * TLS module - management interface * * Copyright (C) 2001-2003 FhG FOKUS - * Copyright (C) 2004,2005 Free Software Foundation, Inc. * Copyright (C) 2005 iptelorg GmbH * * This file is part of sip-router, a free SIP server. * - * sip-router is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * sip-router is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /** tls module management interface (rpc). * @file tls_rpc.c @@ -102,46 +99,83 @@ extern struct tcp_connection** tcpconn_id_hash;
static void tls_list(rpc_t* rpc, void* c) { - static char buf[128]; + char buf[128]; + char src_ip[IP_ADDR_MAX_STR_SIZE]; + char dst_ip[IP_ADDR_MAX_STR_SIZE]; void* handle; char* tls_info; - SSL* ssl; + char* state; + struct tls_extra_data* tls_d; struct tcp_connection* con; int i, len, timeout;
- ssl=0; TCPCONN_LOCK; for(i = 0; i < TCP_ID_HASH_SIZE; i++) { - if (tcpconn_id_hash[i] == NULL) continue; - con = tcpconn_id_hash[i]; - while(con) { - if (con->rcv.proto != PROTO_TLS) goto skip; - if (con->extra_data) - ssl = ((struct tls_extra_data*)con->extra_data)->ssl; - if (ssl) { - tls_info = SSL_CIPHER_description(SSL_get_current_cipher(ssl), - buf, 128); - len = strlen(buf); - if (len && buf[len - 1] == '\n') buf[len - 1] = '\0'; - } else { - tls_info = "Unknown"; - } - timeout = con->timeout - get_ticks(); - if (timeout < 0) timeout = 0; + for (con = tcpconn_id_hash[i]; con; con = con->id_next) { + if (con->rcv.proto != PROTO_TLS) continue; + tls_d = con->extra_data; rpc->add(c, "{", &handle); - rpc->struct_add(handle, "ddsdsds", + /* tcp data */ + if (ip_addr2sbuf(&con->rcv.src_ip, src_ip, sizeof(src_ip)) == 0) { + BUG("failed to convert source ip"); + src_ip[0]=0; + } + if (ip_addr2sbuf(&con->rcv.dst_ip, dst_ip, sizeof(dst_ip)) == 0) { + BUG("failed to convert destination ip"); + dst_ip[0]=0; + } + timeout = TICKS_TO_S(con->timeout - get_ticks()); + rpc->struct_add(handle, "ddsdsd", "id", con->id, "timeout", timeout, - "src_ip", ip_addr2a(&con->rcv.src_ip), + "src_ip", src_ip, "src_port", con->rcv.src_port, - "dst_ip", ip_addr2a(&con->rcv.dst_ip), - "dst_port", con->rcv.dst_port, - "tls", tls_info); - skip: - con = con->id_next; + "dst_ip", dst_ip, + "dst_port", con->rcv.dst_port); + if (tls_d) { + tls_info = SSL_CIPHER_description( + SSL_get_current_cipher(tls_d->ssl), + buf, sizeof(buf)); + len = strlen(buf); + if (len && buf[len - 1] == '\n') buf[len - 1] = '\0'; + /* tls data */ + state = "unknown/error"; + lock_get(&con->write_lock); + switch(tls_d->state) { + case S_TLS_NONE: + state = "none/init"; + break; + case S_TLS_ACCEPTING: + state = "tls_accept"; + break; + case S_TLS_CONNECTING: + state = "tls_connect"; + break; + case S_TLS_ESTABLISHED: + state = "established"; + break; + } + rpc->struct_add(handle, "sddds", + "cipher", tls_info, + "ct_wq_size", tls_d->ct_wq? + tls_d->ct_wq->queued:0, + "enc_rd_buf", tls_d->enc_rd_buf? + tls_d->enc_rd_buf->size:0, + "flags", tls_d->flags, + "state", state + ); + lock_release(&con->write_lock); + } else { + rpc->struct_add(handle, "sddds", + "cipher", "unknown", + "ct_wq_size", 0, + "enc_rd_buf", 0, + "flags", 0, + "state", "pre-init" + ); + } } } - TCPCONN_UNLOCK; }
@@ -169,7 +203,7 @@ static void tls_options(rpc_t* rpc, void* c) { void* handle; rpc->add(c, "{", &handle); - rpc->struct_add(handle, "dSdddSSSSdSSddddddddd", + rpc->struct_add(handle, "dSdddSSSSdSSdddddddddddd", "force_run", cfg_get(tls, tls_cfg, force_run), "method", &cfg_get(tls, tls_cfg, method), "verify_certificate", cfg_get(tls, tls_cfg, verify_cert), @@ -191,7 +225,10 @@ static void tls_options(rpc_t* rpc, void* c) "ssl_max_send_fragment", cfg_get(tls, tls_cfg, ssl_max_send_fragment), "ssl_read_ahead", cfg_get(tls, tls_cfg, ssl_read_ahead), "low_mem_threshold1", cfg_get(tls, tls_cfg, low_mem_threshold1), - "low_mem_threshold2", cfg_get(tls, tls_cfg, low_mem_threshold2) + "low_mem_threshold2", cfg_get(tls, tls_cfg, low_mem_threshold2), + "ct_wq_max", cfg_get(tls, tls_cfg, ct_wq_max), + "con_ct_wq_max", cfg_get(tls, tls_cfg, con_ct_wq_max), + "ct_wq_blk_size", cfg_get(tls, tls_cfg, ct_wq_blk_size) ); }
diff --git a/modules/tls/tls_rpc.h b/modules/tls/tls_rpc.h index b292de1..558bf0d 100644 --- a/modules/tls/tls_rpc.h +++ b/modules/tls/tls_rpc.h @@ -4,24 +4,21 @@ * TLS module - management interface * * Copyright (C) 2001-2003 FhG FOKUS - * Copyright (C) 2004,2005 Free Software Foundation, Inc. * Copyright (C) 2005 iptelorg GmbH * * This file is part of sip-router, a free SIP server. * - * sip-router is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * sip-router is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /** tls module management interface (rpc). * @file tls_rpc.h