GnuTLS is now supported on client side.

FossilOrigin-Name: 1cb3d6ca96bf4b9447418b5a3983a3abc8918d60ef745cc2600a353f4a7f559b
2015-02-08 20:07:55 +00:00
parent 7264630ca8
commit 2dd03898b4
21 changed files with 145 additions and 128 deletions
--- a/src/capwap/Makefile
+++ b/src/capwap/Makefile
@ -154,6 +154,7 @@ CFLAGS+=$(GNUTLS_CFLAGS)
 CFLAGS+=-DWITH_GNUTLS
 DTLSOBJS+= dtls_gnutls.o \
 	dtls_gnutls_accept.o \
+	dtls_gnutls_connect.o \
 	dtls_gnutls_bio.o \
 	dtls_gnutls_get_cipher.o
 endif
--- a/src/capwap/conn.c
+++ b/src/capwap/conn.c
@ -57,10 +57,6 @@ struct conn * conn_create(int sock, struct sockaddr * addr, int qsize)
 	if (addr)
 		sock_copyaddr(&conn->addr,addr);

-//	printf("AF IN: %i\n",addr->sa_family);
-//	char str[200] ;
-//	sock_addrtostr((struct sockaddr*)&conn->addr,str,200);
-//	printf("CONN CREATOR: %s\n",str);

 	conn->fragman = fragman_create();
 	if (conn->fragman==NULL){
@ -81,15 +77,18 @@ struct conn * conn_create(int sock, struct sockaddr * addr, int qsize)
 			return NULL;
 		};
 		conn->recv_packet=conn_q_recv_packet;
+		conn->recv_packet_peek=conn_q_recv_packet_peek;
 	}
-	else
+	else{
 		conn->recv_packet = conn_recv_packet;
+		conn->recv_packet_peek = conn_recv_packet_peek;
+	}

+	conn->send_packet = conn_send_packet;

 	conn->last_seqnum_received=-1;
 	conn->mtu=1500;

-	conn->send_packet = conn_send_packet;

 	conn->cur_packet=0;
 	conn->recv_timeout=1;
--- a/src/capwap/conn.h
+++ b/src/capwap/conn.h
@ -69,6 +69,7 @@ struct conn{
 	/* receive and send methods */

 	int (*recv_packet)(struct conn  *, uint8_t *,int);
+	int (*recv_packet_peek)(struct conn  *, uint8_t *,int);
 	int (*send_packet)(struct conn *, const uint8_t *, int);

 	int (*read)(struct conn *, uint8_t*, int);
@ -147,8 +148,8 @@ uint8_t * conn_q_get_packet(struct conn * conn);
 extern int conn_q_recv_packet(struct conn * conn, uint8_t * buffer,int len);
 extern int conn_q_recv_packet_peek(struct conn * conn, uint8_t * buffer,int len);

-
 extern int conn_recv_packet(struct conn* conn,uint8_t *buf,int len);
+extern int conn_recv_packet_peek(struct conn* conn,uint8_t *buf,int len);

 extern int conn_send_response(struct conn * conn,struct cwmsg * cwmsg,int seqnum);
 extern struct cwrmsg * conn_get_response(struct conn * conn);
--- a/src/capwap/conn_create_noq.c
+++ b/src/capwap/conn_create_noq.c
@ -44,24 +44,24 @@ struct conn * conn_create_noq(int sock, struct sockaddr * addr)
 	if (addr)
 		sock_copyaddr(&conn->addr,addr);

-//	printf("AF IN: %i\n",addr->sa_family);
-//	char str[200] ;
-//	sock_addrtostr((struct sockaddr*)&conn->addr,str,200);
-//	printf("CONN CREATOR: %s\n",str);

+	/* create the CAPWAP framentation manager */
 	conn->fragman = fragman_create();
 	if (conn->fragman==NULL){
 		conn_destroy(conn);
 		return NULL;
 	}

+	/* set packet recieve and send methods */
 	conn->recv_packet = conn_recv_packet;
+	conn->recv_packet_peek = conn_recv_packet_peek;
+	conn->send_packet = conn_send_packet;


+	/* misc settings */
 	conn->last_seqnum_received=-1;
 	conn->mtu=1500;

-	conn->send_packet = conn_send_packet;

 	conn->cur_packet=0;
 	conn->recv_timeout=1;
@ -70,7 +70,6 @@ struct conn * conn_create_noq(int sock, struct sockaddr * addr)
 	conn->write = conn->send_packet;
 	conn->read = conn->recv_packet;

-
 	return conn;
 }

--- a/src/capwap/conn_recv_packet.c
+++ b/src/capwap/conn_recv_packet.c
@ -24,10 +24,9 @@

 #include "conn.h"

-int conn_recv_packet(struct conn* conn,uint8_t *buf,int len)
+int conn_recv_packet_(struct conn* conn,uint8_t *buf,int len,int flags)
 {
 	int n;
-	int flags=0;
 	while( (n = recv(conn->sock,(char*)buf,len,flags)) < 0 ){
 		if (errno!=EINTR)
 		{
@ -40,3 +39,17 @@ int conn_recv_packet(struct conn* conn,uint8_t *buf,int len)
 }


+/* yes, these functions could be better defined as macros in a .h file */
+
+int conn_recv_packet(struct conn* conn,uint8_t *buf,int len)
+{
+	return conn_recv_packet_(conn,buf,len,0);
+}
+
+int conn_recv_packet_peek(struct conn* conn,uint8_t *buf,int len)
+{
+	int rc = conn_recv_packet_(conn,buf,len,MSG_PEEK);
+	return rc;
+	
+}
+
--- a/src/capwap/dtls_gnutls.c
+++ b/src/capwap/dtls_gnutls.c
@ -33,6 +33,11 @@ int dtls_gnutls_init()
 	return 1;
 }

+int dtls_gnutls_shutdown(struct conn *conn)
+{
+	/* implement it */
+	return 1;
+}

 void dtls_gnutls_data_destroy(struct dtls_gnutls_data *d)
 {
@ -74,7 +79,7 @@ int dtls_gnutls_read(struct conn * conn, uint8_t *buffer, int len)
 }


-struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn)
+struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config)
 {
 	struct dtls_gnutls_data *d = malloc(sizeof(struct dtls_gnutls_data));
 	if (!d)
@ -106,7 +111,7 @@ struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn)
 	}


-	rc = gnutls_init(&d->session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+	rc = gnutls_init(&d->session, config); 
 	if (rc < 0) {
 		cw_log(LOG_ERR, "DTLS - Can't init session: %s", gnutls_strerror(rc));
 		dtls_gnutls_data_destroy(d);
@ -132,10 +137,10 @@ struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn)
 		return 0;
 	}

-	gnutls_certificate_server_set_request(d->session,GNUTLS_CERT_REQUEST);

 	gnutls_transport_set_pull_function(d->session, dtls_gnutls_bio_read);
 	gnutls_transport_set_push_function(d->session, dtls_gnutls_bio_write);
+	gnutls_transport_set_pull_timeout_function(d->session, dtls_gnutls_bio_wait);

 	return d;
 }
--- a/src/capwap/dtls_gnutls.h
+++ b/src/capwap/dtls_gnutls.h
@ -48,7 +48,7 @@ struct dtls_gnutls_data {
 	gnutls_priority_t priority_cache;
 };

-struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn);
+struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config);

 #endif

--- a/src/capwap/dtls_gnutls_accept.c
+++ b/src/capwap/dtls_gnutls_accept.c
@ -65,7 +65,7 @@ int dtls_gnutls_accept(struct conn *conn)
 		if (tlen <0 && errno == EAGAIN)
 			continue;
 		if (tlen < 0 ){
-			/* something went wrong, log a message */
+			/* something went wrong, iwe should log a message */
 			continue;
 		}
 		
@ -78,7 +78,7 @@ int dtls_gnutls_accept(struct conn *conn)
 			continue;
 		}

-		dtls_gnutls_bio_read(conn, buffer, sizeof(buffer));
+	//	dtls_gnutls_bio_read(conn, buffer, sizeof(buffer));
 		break;

 	}
@ -92,11 +92,11 @@ int dtls_gnutls_accept(struct conn *conn)
 	cw_dbg(DBG_DTLS, "DTLS - Cookie verified! Starting handshake ...");


-	d = dtls_gnutls_data_create(conn);
+	d = dtls_gnutls_data_create(conn,GNUTLS_SERVER | GNUTLS_DATAGRAM);
 	if (!d)
 		return 0;

-	gnutls_transport_set_pull_timeout_function(d->session, dtls_gnutls_bio_wait);
+	gnutls_certificate_server_set_request(d->session,GNUTLS_CERT_REQUEST);
 	gnutls_dtls_prestate_set(d->session, &prestate);

 	c_timer = cw_timer_start(10);
--- a/src/capwap/dtls_gnutls_bio.c
+++ b/src/capwap/dtls_gnutls_bio.c
@ -46,13 +46,6 @@ ssize_t dtls_gnutls_bio_write(gnutls_transport_ptr_t b, const void *data, size_t
 	return dtls_bio_write(conn,data,len);
 }

-/*
- * wait for an incoming packet, used by gnutls to determine if
- * data is available on "asynchropnous" connections.
- * 
- * Attention! This function only works for struct conn objects where
- * queueing is enabled. Used by AC-Tube. 
- */
 int dtls_gnutls_bio_wait(gnutls_transport_ptr_t ptr, unsigned int ms)
 {
 	struct conn * conn = (struct conn*)ptr;
@ -62,7 +55,7 @@ int dtls_gnutls_bio_wait(gnutls_transport_ptr_t ptr, unsigned int ms)
 	uint8_t buffer[5];

 	do {
-		rc = conn_q_recv_packet_peek(conn,buffer,sizeof(buffer));
+		rc = conn->recv_packet_peek(conn,buffer,sizeof(buffer));

 	}while(!cw_timer_timeout(timer) && rc==GNUTLS_E_AGAIN);