diff --git a/actube.workspace b/actube.workspace index b21adfd1..b8870938 100644 --- a/actube.workspace +++ b/actube.workspace @@ -1,9 +1,9 @@ - + - + diff --git a/src/ac/ac.conf b/src/ac/ac.conf index 9da15559..b3194e8e 100644 --- a/src/ac/ac.conf +++ b/src/ac/ac.conf @@ -196,6 +196,7 @@ ssl_cert="../../ssl/certs/ac-cisco.pem" # Set debug level # dbg = info # Show all kind of infos +# dbg += all dbg += msg_in # Incomming CAPWAP messages dbg += msg_out # Outgoing CAPWAP messages dbg += msg_err # Be verbose about capwap message errors like re-transmission @@ -212,13 +213,12 @@ ssl_cert="../../ssl/certs/ac-cisco.pem" dbg += pkt_dmp # Hex dump CAPWAP packets. dbg += pkt_err # Show messages about malformed packets when detected # dbg += dtls # Messages concerning DTLS -# dbg += dtls_detail # DTLS in more detail +# dbg += -dtls_detail # DTLS in more detail # dbg += dtls_bio # DTLS BIO operations # dbg += dtls_bio_dmp # HeXy dump data in BIO operations dbg += warn # misc warnings dbg += mod # Debugs specific to mod dbg += cfg_dmp - dbg += all # # dbg += all # all of the above # dbg += err # Same as dbg_err and pkt_err diff --git a/src/ac/ac_main.c b/src/ac/ac_main.c index 7c1e87b5..03c47f87 100644 --- a/src/ac/ac_main.c +++ b/src/ac/ac_main.c @@ -261,7 +261,7 @@ int main (int argc, char *argv[]) actube_global_cfg = global_cfg; - cw_dbg_opt_level=0xffffffff; +/* cw_dbg_opt_level=0xffffffff;*/ cw_dbg(DBG_INFO,"Hello world"); diff --git a/src/ac/config.ktv b/src/ac/config.ktv index 34098630..dc625dd4 100644 --- a/src/ac/config.ktv +++ b/src/ac/config.ktv @@ -20,3 +20,11 @@ capwap-control-ip-address/address.0:IPAddress:192.168.0.14 capwap-control-ip-address/wtps.0:Word:0 #capwap-control-ip-address/wtps.1:Word:11 + +capwap/ssl-keyfile:Str:"../../ssl/certs/ac-cisco.key" +capwap/ssl-certfile:Str:"../../ssl/certs/ac-cisco.pem" +capwap/ssl-cipher:Str:NORMAL +#capwap/ssl-psk:Str:"HalloWelt" + + + diff --git a/src/ac/wtpman.c b/src/ac/wtpman.c index f62f0c35..3c41f48c 100644 
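Review bot: The commented sample `#capwap/ssl-psk:Str:"HalloWelt"` added at the end of src/ac/config.ktv is a guessable string, and the same value is added to src/wtp/config.ktv, so uncommenting both lines as shipped would protect the DTLS session with a key known to anyone who has read the repository. A neutral placeholder such as `#capwap/ssl-psk:Str:"<random-psk-generated-per-deployment>"` makes it clear the value must be replaced. `capwap/ssl-cipher:Str:NORMAL` looks like a GnuTLS priority keyword; if the project can also be built against an OpenSSL backend, confirm that the string is accepted there. The key file path points at a key kept in the source tree, which is fine for a test setup but deserves a comment saying that it is test material.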
--- a/src/ac/wtpman.c +++ b/src/ac/wtpman.c @@ -91,7 +91,7 @@ static void wtpman_run_discovery(void *arg) time_t timer = cw_timer_start(10); wtpman->conn->capwap_state = CAPWAP_STATE_DISCOVERY; - wtpman->conn->remote_cfg = cw_ktv_create(); + while (!cw_timer_timeout(timer) && wtpman->conn->capwap_state == CAPWAP_STATE_DISCOVERY) { @@ -101,11 +101,11 @@ static void wtpman_run_discovery(void *arg) wtpman->conn->capwap_state=CAPWAP_STATE_JOIN; cw_dbg(DBG_INFO,"Discovery has detected mods: %s %s", - wtpman->conn->bmod->name,wtpman->conn->cmod->name); + wtpman->conn->cmod->name,wtpman->conn->bmod->name); wtplist_lock(); discovery_cache_add(discovery_cache,(struct sockaddr*)&wtpman->conn->addr, - wtpman->conn->bmod,wtpman->conn->cmod); + wtpman->conn->cmod,wtpman->conn->bmod); wtplist_unlock(); } @@ -137,11 +137,12 @@ static int wtpman_establish_dtls(void *arg) char sock_buf[SOCK_ADDR_BUFSIZE]; struct wtpman *wtpman = (struct wtpman *) arg; + /* setup cipher */ - wtpman->conn->dtls_cipher = conf_sslcipher; +/* wtpman->conn->dtls_cipher = conf_sslcipher;*/ /* setup DTSL certificates */ - dtls_ok = 0; +/* dtls_ok = 0; if (conf_sslkeyfilename && conf_sslcertfilename) { @@ -153,9 +154,9 @@ static int wtpman_establish_dtls(void *arg) cw_dbg(DBG_DTLS, "Using cert file %s", wtpman->conn->dtls_cert_file); dtls_ok = 1; } - +*/ /* setup DTLS psk */ - if (conf_dtls_psk) { +/* if (conf_dtls_psk) { wtpman->conn->dtls_psk = conf_dtls_psk; wtpman->conn->dtls_psk_len = strlen(conf_dtls_psk); dtls_ok = 1; @@ -166,7 +167,7 @@ static int wtpman_establish_dtls(void *arg) "Can't establish DTLS session, neither psk nor certs set in config file."); return 0; } - +*/ /* try to accept the connection */ if (!dtls_accept(wtpman->conn)) { cw_dbg(DBG_DTLS, "Error establishing DTLS session with %s", @@ -321,7 +322,7 @@ void * wtpman_run_data(void *wtpman_arg) static void * wtpman_run(void *arg) { - mavl_t r; + mavl_t r; int rc ; time_t timer; char sock_buf[SOCK_ADDR_BUFSIZE]; 
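Review bot: Commenting out the credential block in wtpman_establish_dtls (this hunk and the two that follow it) also removes the fail-closed check that returned 0 when neither a PSK nor a key/cert pair was configured, so `dtls_accept(wtpman->conn)` is now reached without any check that the connection carries DTLS credentials. The settings presumably come from `cmod->setup_cfg()` now, but in wtpman_create that call is made only when `discovery_cache_get` finds an entry, so a DTLS-mode connection without a cache hit would arrive here unconfigured. Keeping a guard on the conn fields before the accept, e.g. `if (!wtpman->conn->dtls_psk && !(wtpman->conn->dtls_key_file && wtpman->conn->dtls_cert_file)) return 0;` together with the original log message, preserves the old behaviour. The disabled code would be better deleted than left inside `/* ... */`; the equivalent commented block is deleted outright from run_join_d in src/wtp/join.c. The function starts and ends outside these hunks.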
@@ -332,6 +333,8 @@ static void * wtpman_run(void *arg) wtpman->conn->seqnum = 0; conn = wtpman->conn; + wtpman->conn->remote_cfg = cw_ktv_create(); + /* We were invoked with an unencrypted packet, * so assume, it is a discovery request */ if (!wtpman->dtlsmode){ @@ -606,20 +609,7 @@ struct wtpman *wtpman_create(int socklistindex, struct sockaddr *srcaddr, int dt } - /* when created caused by a packet in DTLS mode, we try - * to find out the modules to load, for detected connection - * from discovery request */ - if (dtlsmode){ - int rc; - struct cw_Mod *cmod, *bmod; - - rc = discovery_cache_get(discovery_cache,srcaddr,&cmod,&bmod); - if (rc){ - cw_dbg(DBG_INFO, "Initializing with mod %s %s",cmod,bmod); - wtpman->conn->msgset = cw_mod_get_msg_set(wtpman->conn,cmod,bmod); - wtpman->conn->detected=1; - } - } + @@ -638,12 +628,25 @@ struct wtpman *wtpman_create(int socklistindex, struct sockaddr *srcaddr, int dt */ - wtpman->conn->local_cfg = cw_ktv_create(); wtpman->conn->global_cfg = actube_global_cfg; wtpman->conn->local_cfg = actube_global_cfg; - + /* when created caused by a packet in DTLS mode, we try + * to find out the modules to load, for detected connection + * from discovery request */ + if (dtlsmode){ + int rc; + struct cw_Mod *cmod, *bmod; + + rc = discovery_cache_get(discovery_cache,srcaddr,&cmod,&bmod); + if (rc){ + cw_dbg(DBG_INFO, "Initializing with mod %s %s",cmod->name,bmod->name); + wtpman->conn->msgset = cw_mod_get_msg_set(wtpman->conn,cmod,bmod); + wtpman->conn->detected=1; + cmod->setup_cfg(wtpman->conn); + } + } return wtpman; } diff --git a/src/cw/capwap_strings_elem.c b/src/cw/capwap_strings_elem.c index 1c44f171..16847ebf 100644 --- a/src/cw/capwap_strings_elem.c +++ b/src/cw/capwap_strings_elem.c 
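Review bot: The result of `cw_ktv_create()` stored in `wtpman->conn->remote_cfg` at the top of wtpman_run is not checked, and the allocation now happens for every connection rather than only on the discovery path. If the constructor can return NULL on allocation failure (its definition is not visible here), the message handlers that fill remote_cfg from received elements would operate on a null store. An `if (!wtpman->conn->remote_cfg)` guard that leaves through the function's existing error path would cover it, and a short comment naming who frees remote_cfg would help, since ownership moved with this change. wtpman_run continues outside the hunk.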
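Review bot: `cmod->setup_cfg(wtpman->conn)` in wtpman_create is called through the module's function pointer without checking that the module sets it, and whatever it reports is discarded; the same unchecked call is added as `conn->cmod->setup_cfg(conn)` in process_elements in src/cw/conn_process_packet.c, which runs while handling a received message. If any module leaves setup_cfg unset (struct cw_Mod is not visible here), the first detected connection dereferences a null pointer. A guard such as `if (cmod->setup_cfg) cmod->setup_cfg(wtpman->conn);` at both sites, plus a check of the result if the callback returns one, would cover it. The block was moved below the local_cfg assignment, which the callback presumably depends on; a one-line comment saying so would keep it from being moved back.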
@@ -35,7 +35,7 @@ struct cw_StrListElem capwap_strings_elem[] = { {CW_ELEM_IMAGE_IDENTIFIER, "Image Identifier"}, {CW_ELEM_IMAGE_INFORMATION, "Image Information"}, {CW_ELEM_INITIATE_DOWNLOAD, "Initiate Download"}, - {CW_ELEM_LOCATION_DATA, "Location Data"}, + {CAPWAP_ELEM_LOCATION_DATA, "Location Data"}, {CW_ELEM_MAXIMUM_MESSAGE_LENGTH, "Maximum Message Length"}, {CAPWAP_ELEM_MTU_DISCOVERY_PADDING, "MTU Discovery Padding"}, {CW_ELEM_RADIO_ADMINISTRATIVE_STATE, "Radio Administrative State"}, diff --git a/src/cw/conn_process_packet.c b/src/cw/conn_process_packet.c index 95e859f3..1494d146 100644 --- a/src/cw/conn_process_packet.c +++ b/src/cw/conn_process_packet.c @@ -276,7 +276,7 @@ static int process_elements(struct conn *conn, uint8_t * rawmsg, int len, errno = EAGAIN; return -1; } - + conn->cmod->setup_cfg(conn); conn->msgset= set; conn->detected = 1; } diff --git a/src/mod/capwap/capwap_actions_ac.c b/src/mod/capwap/capwap_actions_ac.c index 5f626100..219f4bd7 100644 --- a/src/mod/capwap/capwap_actions_ac.c +++ b/src/mod/capwap/capwap_actions_ac.c @@ -156,6 +156,31 @@ static struct cw_ElemHandler handlers[] = { , + { + "Location Data", /* name */ + CAPWAP_ELEM_LOCATION_DATA, /* Element ID */ + 0,0, /* Vendor / Proto */ + 1,CAPWAP_MAX_LOCATION_DATA_LEN, /* min/max length */ + CW_TYPE_BSTR16, /* type */ + "location-data", /* Key */ + cw_in_generic, /* get */ + cw_out_generic /* put */ + } + , + + { + "WTP Name", /* name */ + CAPWAP_ELEM_WTP_NAME, /* Element ID */ + 0,0, /* Vendor / Proto */ + 1,CAPWAP_MAX_WTP_NAME_LEN, /* min/max length */ + CW_TYPE_BSTR16, /* type */ + "wtp-name", /* Key */ + cw_in_generic, /* get */ + cw_out_generic /* put */ + } + , + + {0,0,0,0,0,0,0,0} }; @@ -171,7 +196,6 @@ static struct cw_ElemDef discovery_request_elements[] ={ {0,0,CAPWAP_ELEM_MTU_DISCOVERY_PADDING, 0, 0}, {0,0,CAPWAP_ELEM_VENDOR_SPECIFIC_PAYLOAD, 0, CW_IGNORE}, {0,0,0,0,0} - }; 
@@ -186,6 +210,29 @@ static struct cw_ElemDef discovery_response_elements[] ={ }; +static int join_request_states[] = {CAPWAP_STATE_JOIN,0}; +static struct cw_ElemDef join_request_elements[] ={ + {0,0,CAPWAP_ELEM_LOCATION_DATA, 1, 0}, + {0,0,CAPWAP_ELEM_WTP_BOARD_DATA, 1, 0}, + {0,0,CAPWAP_ELEM_WTP_DESCRIPTOR, 1, 0}, + {0,0,CAPWAP_ELEM_WTP_NAME, 1, 0}, + /* Session ID */ + {0,0,CAPWAP_ELEM_WTP_FRAME_TUNNEL_MODE, 1, 0}, + {0,0,CAPWAP_ELEM_WTP_MAC_TYPE, 1, 0}, + +/* {0,0,CAPWAP_ELEM_DISCOVERY_TYPE, 1, 0}, + + {0,0,CAPWAP_ELEM_WTP_DESCRIPTOR, 1, 0}, + {0,0,CAPWAP_ELEM_WTP_FRAME_TUNNEL_MODE, 1, 0}, + {0,0,CAPWAP_ELEM_WTP_MAC_TYPE, 1, 0}, + {0,0,CAPWAP_ELEM_MTU_DISCOVERY_PADDING, 0, 0}, + {0,0,CAPWAP_ELEM_VENDOR_SPECIFIC_PAYLOAD, 0, CW_IGNORE}, +*/ + {0,0,0,0,0} +}; + + + static struct cw_MsgDef messages[] = { { "Discovery Request", @@ -203,7 +250,13 @@ static struct cw_MsgDef messages[] = { discovery_response_elements }, - + { + "Join Request", + CAPWAP_MSG_JOIN_REQUEST, + CW_ROLE_AC, + join_request_states, + join_request_elements + }, diff --git a/src/mod/capwap/capwap_actions_wtp.c b/src/mod/capwap/capwap_actions_wtp.c index fa0d6b91..585065cb 100644 --- a/src/mod/capwap/capwap_actions_wtp.c +++ b/src/mod/capwap/capwap_actions_wtp.c @@ -407,7 +407,7 @@ static cw_action_in_t actions_in[] = { { .capwap_state = CW_STATE_RUN, .msg_id = CAPWAP_MSG_CONFIGURATION_UPDATE_REQUEST, - .elem_id = CW_ELEM_LOCATION_DATA, + .elem_id = CAPWAP_ELEM_LOCATION_DATA, .item_id = CW_ITEM_LOCATION_DATA, .start = cw_in_generic2, .min_len = 1, @@ -512,7 +512,7 @@ static cw_action_out_t actions_out[] = { /* Location Data - Join Request */ { .msg_id = CAPWAP_MSG_JOIN_REQUEST, - .elem_id = CW_ELEM_LOCATION_DATA, + .elem_id = CAPWAP_ELEM_LOCATION_DATA, .item_id = CW_ITEM_LOCATION_DATA, .out = cw_out_generic, .get = cw_out_get_config, diff --git a/src/wtp/config.ktv b/src/wtp/config.ktv index b34edd83..54933435 100644 --- a/src/wtp/config.ktv +++ b/src/wtp/config.ktv 
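Review bot: join_request_elements carries only a `/* Session ID */` placeholder where the Session ID entry belongs, so, assuming the fourth field is the mandatory flag, a Join Request that omits that element would pass the element check as defined here; RFC 5415 lists Session ID among the mandatory Join Request elements. Until the handler exists, make the gap explicit with something like `/* TODO: Session ID is mandatory (RFC 5415) but has no handler yet */`. The commented-out element list that follows looks like a leftover copy of the discovery request table and should be deleted instead of committed.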
@@ -4,7 +4,8 @@ capwap/ssl-certfile:Str:"../../ssl/certs/wtp.crt" capwap/ssl-keyfile:Str:"../../ssl/certs/wtp.key" -capwap/ssl-cipher:Str:ALL +capwap/ssl-cipher:Str:NORMAL +#capwap/ssl-psk:Str:"HalloWelt" cisco/ssl-certfile:Str:"../../ssl/certs/wtp.crt" cisco/ssl-keyfile:Str:"../../ssl/certs/wtp.key" @@ -45,3 +46,6 @@ capwap-timers/echo-interval:Byte:3 "discovery-interval":Byte:1 +location-data:Bstr16:Entangeled + + diff --git a/src/wtp/join.c b/src/wtp/join.c index 3fac22fb..f6a3f34d 100644 --- a/src/wtp/join.c +++ b/src/wtp/join.c @@ -107,26 +107,16 @@ int run_join_d(struct conn * conn, struct sockaddr *sa) int rsec,lsec; int rc; -printf("JOINFD: %s\n",sock_addr2str_p(sa,addrstr)); - -/* lsec = cw_ktv_get_byte(conn->local_cfg,"ac-descriptor/security",0); + /* Check if we support the same auth methods as the AC */ + lsec = cw_ktv_get_byte(conn->local_cfg,"ac-descriptor/security",0); rsec = cw_ktv_get_byte(conn->remote_cfg,"ac-descriptor/security",0); -*/ -lsec = rsec =4; - - printf("Anding my and remote %d %d %d\n",lsec,rsec, rsec & lsec); - if ((lsec & rsec) == 0){ cw_log(LOG_ERR, "Can't establish DTLS with AC, my sec: %d, remote sec %d",lsec,rsec); return 0; } - -/* struct conn *conn = get_conn();*/ + /* setup a socket */ conn->capwap_state = CAPWAP_STATE_JOIN; - - - sockfd = socket(sa->sa_family, SOCK_DGRAM, 0); if (sockfd == -1) { cw_log(LOG_ERR, "Can't create socket: %s\n", strerror(errno)); 
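Review bot: With the hard-coded `lsec = rsec =4;` removed from run_join_d, `lsec` now comes from `cw_ktv_get_byte(conn->local_cfg,"ac-descriptor/security",0)` and defaults to 0, so a WTP configuration without that key refuses every join; the src/wtp/config.ktv hunks in this commit do not add it. If the key is set elsewhere, a comment saying where would help; otherwise log the missing key separately from a genuine mismatch. `rsec` is taken from the discovery exchange, which is unencrypted, so the comparison is a compatibility check and not a security decision, and the comment `/* Check if we support the same auth methods as the AC */` could say that. run_join_d continues past the end of this hunk.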
@@ -142,44 +132,15 @@ lsec = rsec =4; rc = connect(sockfd, (struct sockaddr *) sa, sock_addrlen((struct sockaddr *) sa)); -/* if (rc < 0) { - cw_log(LOG_ERR, "Can't connect to %s: %s\n", sock_addr2str(sa), - strerror(errno)); + if (rc < 0) { + cw_log(LOG_ERR, "Can't connect to %s: %s\n", + sock_addr2str(sa,addrstr),strerror(errno)); close(sockfd); return -1; } -*/ + cw_dbg(DBG_DTLS, "Establishing DTLS session with %s", sock_addr2str(sa, addrstr)); -/* - int dtls_conf_ok=0; - - if (conn->dtls_psk) { - conn->dtls_psk = conf_dtls_psk; - conn->dtls_psk_len = strlen(conn->dtls_psk); - conn->dtls_cipher = conf_dtls_cipher; - dtls_conf_ok=1; - } - - if (conf_sslkeyfilename && conf_sslcertfilename) { - - conn->dtls_key_file = conf_sslkeyfilename; - conn->dtls_cert_file = conf_sslcertfilename; - conn->dtls_key_pass = conf_sslkeypass; - conn->dtls_cipher = conf_dtls_cipher; - dtls_conf_ok=1; - } - - if (!dtls_conf_ok){ - cw_log(LOG_ERR,"Can't establish DTLS connection with %s, neither psk nor cert set in config", - sock_addr2str(sa,addrstr)); - close(sockfd); - return 0; - } -*/ - - - rc = dtls_connect(conn); if (rc != 1) { @@ -194,8 +155,7 @@ lsec = rsec =4; cw_dbg(DBG_DTLS, "DTLS Connection successful established with %s", sock_addr2str(sa,addrstr)); - - + run_join(conn); return 1; } @@ -241,12 +201,6 @@ int run_join(struct conn *conn) int join(struct conn * conn, struct cw_DiscoveryResult * dis) { -/* -struct sockaddr_storage s; -sock_strtoaddr("192.168.0.14:5246",(struct sockaddr*)&s); -run_join_d(conn,(struct sockaddr*)&s); -exit(0); -*/ mavliter_t ii; mavliter_init(&ii,dis->prio_ip); 
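Review bot: The added `run_join(conn);` at the end of run_join_d discards the result, so run_join_d returns 1 whenever the DTLS handshake succeeds, even if the Join exchange itself failed. The caller code deleted from join() in the last hunk of this file treated a zero result from run_join as failure, and join() now appears to ignore what run_join_d returns and fall through to `return 0;`. Propagating the result, e.g. `return run_join(conn) ? 1 : 0;` here and testing `run_join_d(...) > 0` in join(), keeps success and failure distinguishable. The failure paths in run_join_d are also inconsistent: the restored connect check returns -1 while the security mismatch returns 0.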
@@ -277,57 +231,11 @@ exit(0); cw_dbg(DBG_INFO, "Going to join CAPWAP controller '%s' at %s.",ac_name,ipstr); conn->remote_cfg=rcfg; - - /*cw_dbg_ktv_dump(conn->local_cfg,DBG_INFO,"remopte ac","preifx**: ","bottom"); - */ - + sock_strtoaddr(ipstr,(struct sockaddr*)(&sockaddr)); sock_setport((struct sockaddr*)&sockaddr,5246); run_join_d(conn,(struct sockaddr*)(&sockaddr)); - } - - - /*mbag_del_all(conn->incomming);*/ - -/* cw_aciplist_t iplist = - mbag_get_mavl(conn->local, CW_ITEM_CAPWAP_CONTROL_IP_ADDRESS_LIST); - if (!iplist) { - cw_log(LOG_ERR, "No IPs to join controller."); - return 0; - } - - if (!mavl_get_count(iplist)){ - cw_log(LOG_ERR, "No IPs to join controller. IP list is empty."); - return 0; - } -*/ - - - mavliter_foreach(&ii) { - -/* cw_acip_t *ip = avliter_get(&ii);*/ - - - /* cw_dbg(DBG_INFO, "Going to join CAWAP controller on %s", - sock_addr2str_p(&ip->ip,addrstr)); -*/ - -/* int rc = run_join_d((struct sockaddr *) &ip->ip); - - if (rc<=0) - continue; - - rc = run_join(conn); - if (rc) { - conn->capwap_state = CW_STATE_CONFIGURE; - return 1; - } -*/ - } - - return 0; - }