Better debug options gpt DTLS.

FossilOrigin-Name: e6035c7fc31aa2d06026ca8cc3682b2024ca1587e2175dfcb24df75cad41e5e3
2016-03-12 15:12:36 +00:00 · 2016-03-12 15:12:36 +00:00 · 9d2d9da392
parent 9b2d0d6550
commit 9d2d9da392
10 changed files with 108 additions and 17 deletions
--- a/src/WtpConfig.mak
+++ b/src/WtpConfig.mak
@ -1,9 +1,10 @@
 include ../Config.mak

+#
+# Define witch SSL library to use
+# OPENSSL or GNUTLS
 #
 SSL_LIBRARY=GNUTLS
-#WITH_OPENSSL=1
-

 CFLAGS += -I/usr/include/libnl3
 CFLAGS += -I../contrib/uci
--- a/src/cw/Makefile
+++ b/src/cw/Makefile
@ -217,12 +217,12 @@ CONNOBJS= conn_create.o \
 	conn_prepare_configuration_update_request.o \


+	#bstr_to_str.o \

 BSTROBJS= bstr_create.o \
 	bstr_create_from_cfgstr.o \
 	bstr16_create_from_cfgstr.o \
 	bstr_replace.o \
-	bstr_to_str.o \
 	bstr16cfgstr.o \
 	bstr16_create_from_str.o \
 	bstr_create_from_str.o \
--- a/src/cw/dbg.c
+++ b/src/cw/dbg.c
@ -87,6 +87,7 @@ static struct cw_strlist_elem color_on[] = {
 	{ DBG_ELEM_ERR, "\x1b[31m" },
 	{ DBG_SUBELEM, "\x1b[30m"},
 	{ DBG_DTLS, DBG_CLR_MAGENTA },
+	{ DBG_DTLS_DETAIL, DBG_CLR_MAGENTA },

 	{ DBG_RFC, "\x1b[31m" },
 	{ DBG_X, "\x1b[31m" },
@ -120,6 +121,7 @@ static struct cw_strlist_elem prefix[] = {
 	{ DBG_RFC,    " RFC Violation -" },
 	{ DBG_SUBELEM," Sub-Element - "},
 	{ DBG_DTLS, " DTLS - "},
+	{ DBG_DTLS_DETAIL, " DTLS - "},
 	{ DBG_WARN, " Warning - "},
 	{ DBG_MOD, " Mod - "},
 	{ DBG_X, "XXXXX - "},
@ -381,6 +383,24 @@ void cw_dbg_pkt(int level,struct conn *conn, uint8_t * packet, int len,struct so
 }


+
+void cw_dbg_dmp_(int level, const char *file, int line,
+		     const uint8_t * data, int len, const char *format, ...)
+{
+	if (!cw_dbg_is_level(level))
+		return;
+
+
+	char  *dmp = cw_dbg_mkdmp(data,len);
+	cw_dbg(level,"%s%s",format,dmp);
+	free(dmp);
+
+
+}
+
+
+
+
 void cw_dbg_msg(int level,struct conn *conn, uint8_t * packet, int len,struct sockaddr *from)
 {
 	if (!cw_dbg_is_level(level))
--- a/src/cw/dbg.h
+++ b/src/cw/dbg.h
@ -126,6 +126,9 @@ enum cw_dbg_levels{
 	/** Dump DTLS BIO i/o */
 	DBG_DTLS_BIO_DMP,

+	/** Show DTLS Details */
+	DBG_DTLS_DETAIL,
+
 	/** Debug Mods */
 	DBG_MOD,
 	
--- a/src/cw/dbg_strings.c
+++ b/src/cw/dbg_strings.c
@ -52,6 +52,7 @@ struct cw_strlist_elem cw_dbg_strings[] = {
 	{ DBG_DTLS, "dtls" },
 	{ DBG_DTLS_BIO, "dtls_bio" },
 	{ DBG_DTLS_BIO_DMP, "dtls_bio_dmp"},
+	{ DBG_DTLS_DETAIL, "dtls_detail"},
 	{ DBG_WARN, "warn" },
 	{ DBG_MOD,"mod"},

--- a/src/cw/dtls_bio.c
+++ b/src/cw/dtls_bio.c
@ -52,7 +52,7 @@ int dtls_bio_read(struct conn *conn, char *out, int maxlen)
 		conn->dtls_buffer_pos += maxlen;
 		cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen,
 		       maxlen, conn->dtls_buffer_len);
-//		cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, maxlen, "Dump...");
+		cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, maxlen, "Dump...");

 		return maxlen;
 	}
@ -62,7 +62,7 @@ int dtls_bio_read(struct conn *conn, char *out, int maxlen)
 	conn->dtls_buffer_len = 0;
 	cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen, ret,
 	       conn->dtls_buffer_len);
-//	cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, ret, "Dump...");
+	cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, ret, "Dump...");
 	return ret;
 }

@ -84,7 +84,7 @@ int dtls_bio_write(struct conn *conn, const char *data, int len)
 		

 	cw_dbg(DBG_DTLS_BIO, "SSL BIO write: %d bytes, wrote=%d, ptr: %p", len, rc, data);
-//	cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) data, len, "Dump ...");
+	cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) data, len, "Dump ...");

 	if (rc < 0)
 		return rc;
--- a/src/cw/dtls_gnutls.c
+++ b/src/cw/dtls_gnutls.c
@ -93,12 +93,46 @@ int dtls_gnutls_read(struct conn * conn, uint8_t *buffer, int len)
 }


+static int verify_cert(gnutls_session_t sess)
+{
+	cw_dbg(DBG_DTLS,"Verify cert");
+	return 0;
+}
+
+
+static void dtls_log_cb(int level, const char * str)
+{
+	if (!cw_dbg_is_level(DBG_DTLS_DETAIL))
+		return;
+
+	switch (level){
+		case 2:
+		case 6:
+		case 4:
+			return;
+
+
+	}
+
+
+	
+	
+	char buf[2048];
+	strcpy(buf,str);
+	char *c = strchr(buf,'\n');
+	*c=0;
+	cw_dbg(DBG_DTLS_DETAIL,"%s",buf);
+}
+
 struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config)
 {
 	struct dtls_gnutls_data *d = malloc(sizeof(struct dtls_gnutls_data));
 	if (!d)
 		return 0;

+	gnutls_global_set_log_level(10);
+	gnutls_global_set_log_function(dtls_log_cb);
+
 	gnutls_certificate_allocate_credentials(&d->x509_cred);


@ -174,6 +208,8 @@ struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config)
 		return 0;
 	}

+	gnutls_certificate_set_verify_function(d->x509_cred,verify_cert);
+

 	gnutls_transport_set_pull_function(d->session, dtls_gnutls_bio_read);
 	gnutls_transport_set_push_function(d->session, dtls_gnutls_bio_write);
--- a/src/cw/dtls_gnutls_accept.c
+++ b/src/cw/dtls_gnutls_accept.c
@ -74,6 +74,7 @@ int dtls_gnutls_accept(struct conn *conn)
 		rc = gnutls_dtls_cookie_verify(&cookie_key,
 					       &conn->addr,
 					       sizeof(conn->addr), buffer+4, tlen-4, &prestate);
+
 		if (rc<0){
 			cw_dbg(DBG_DTLS, "Cookie couldn't be verified: %s", gnutls_strerror(rc));
 			dtls_gnutls_bio_read(conn, buffer, sizeof(buffer));
--- a/src/cw/dtls_openssl.c
+++ b/src/cw/dtls_openssl.c
@ -49,7 +49,6 @@ static const char * ssl_version2str(int version)
 			return "DTLSv1";
 //		case DTLS1_2_VERSION:
 //			return "DTLSv1.2";
-		
 	}
 	return "Version unknown";
 }
@ -63,20 +62,39 @@ static void dtls_debug_cb(int write_p,int version,int type, const void * buf,siz
 		s += sprintf(s,"SSL msg out: ");
 	else
 		s += sprintf(s,"SSL msg in: ");
-	
+
 	s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len);
 //	cw_dbg(DBG_DTLS_DETAIL,buffer);
 }
 #endif


+static void dtls_info_cb (const SSL *ssl, int where, int ret)
+{
+	const char *str = NULL;
+	int w;
+
+	w = where & ~SSL_ST_MASK;
+
+	str = where & SSL_ST_CONNECT ? "connect" : where & SSL_ST_ACCEPT ? "accept" : "undefined";
+	if (where & SSL_CB_LOOP)
+	{
+		cw_dbg (DBG_DTLS_DETAIL,"SSL state [\"%s\"]: %s", str, SSL_state_string_long (ssl));
+	}
+	else if (where & SSL_CB_ALERT)
+	{
+		cw_dbg (DBG_DTLS_DETAIL,"SSL: alert [\"%s\"]: %s : %s", where & SSL_CB_READ ? "read" : "write", \
+			SSL_alert_type_string_long (ret), SSL_alert_desc_string_long (ret));
+	}
+}
+
 int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
 {
 	if (!password){
 		cw_dbg(DBG_DTLS, "DTLS - No password given to decrypt privat key");
 		return 0;
 	}
-			
+
 	strncpy(buf, (char *)(password), size);
 	buf[size - 1] = '\0';
 	return(strlen(buf));
@ -125,8 +143,10 @@ int dtls_openssl_init()
 {
 	const char * version = SSLeay_version(SSLEAY_VERSION);
 	cw_dbg(DBG_INFO,"Init SSL library - %s",version);
-	SSL_load_error_strings();
 	int rc = SSL_library_init();
+	ERR_clear_error();
+	SSL_load_error_strings();
+	OpenSSL_add_all_algorithms();
 	return rc;
 }

@ -238,7 +258,7 @@ int generate_session_id(const SSL *ssl, unsigned char * id, unsigned int *id_len
 */


-//	printf ("MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMaking session id\n");
+	printf ("MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMaking session id\n");
 	const char * sessid = "9123456789";
 	memcpy(id,sessid,strlen(sessid));
 	*id_len=strlen(sessid);
@ -280,18 +300,22 @@ static unsigned int psk_server_cb(SSL *ssl,const char *identity, unsigned char *
 }


+
+
+
+
 struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio)
 {
 	struct dtls_openssl_data * d = malloc(sizeof(struct dtls_openssl_data));
 	if (!d)
-		return 0;
+		return NULL;
 	memset(d,0,sizeof(struct dtls_openssl_data));

 	/* create new SSL ctx. (In future this should not be done for every connection) */
 	d->ctx = SSL_CTX_new(method);
 	if (!d->ctx){
 		dtls_openssl_data_destroy(d);	
-		return 0;
+		return NULL;
 	}

 	
@ -333,11 +357,13 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
 	/* setup debugging */
 #ifdef WITH_CW_LOG_DEBUG
 	SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb);
+	SSL_CTX_set_info_callback (d->ctx, &dtls_info_cb);
+	
 #endif



-	SSL_CTX_set_read_ahead(d->ctx, 0);
+	SSL_CTX_set_read_ahead(d->ctx, 1);



@ -347,7 +373,7 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS


 //	SSL_CTX_set_session_cache_mode(d->ctx, SSL_SESS_CACHE_BOTH);
-//	SSL_CTX_set_options(d->ctx, SSL_OP_ALL);
+	SSL_CTX_set_options(d->ctx, SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3 );
 //	SSL_CTX_set_generate_session_id(d->ctx,generate_session_id);


@ -424,7 +450,7 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS


 /* 
- * Convert the PSK key (psk_key) in ascii to binary (psk).
+ * Convert the PSK key (psk_key) from ascii to binary (psk).
 */
 int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len) {

--- a/src/wtp/wtp_main.c
+++ b/src/wtp/wtp_main.c
@ -141,6 +141,9 @@ int main()
 //
 #define CWMOD "cisco"
 #define CWBIND "cisco"
+//#define CWMOD "capwap"
+//#define CWBIND "capwap80211"
+

 	struct mod_wtp *mod = modload_wtp(CWMOD);
 	if (!mod) {
@ -160,7 +163,7 @@ int main()
 	printf("Out reg = %d\n",rc);

 	conn->detected = 1;
-
+	conn->dtls_verify_peer=0;