From 9d2d9da3923a0b15c1abb40e6eaea84d6b5d3d32 Mon Sep 17 00:00:00 2001
From: "7u83@mail.ru" <7u83@mail.ru@noemail.net>
Date: Sat, 12 Mar 2016 15:12:36 +0000
Subject: [PATCH] Better debug options gpt DTLS.
FossilOrigin-Name: e6035c7fc31aa2d06026ca8cc3682b2024ca1587e2175dfcb24df75cad41e5e3
---
src/WtpConfig.mak | 5 ++--
src/cw/Makefile | 2 +-
src/cw/dbg.c | 20 ++++++++++++++++
src/cw/dbg.h | 3 +++
src/cw/dbg_strings.c | 1 +
src/cw/dtls_bio.c | 6 ++---
src/cw/dtls_gnutls.c | 36 +++++++++++++++++++++++++++++
src/cw/dtls_gnutls_accept.c | 1 +
src/cw/dtls_openssl.c | 46 +++++++++++++++++++++++++++++--------
src/wtp/wtp_main.c | 5 +++-
10 files changed, 108 insertions(+), 17 deletions(-)
diff --git a/src/WtpConfig.mak b/src/WtpConfig.mak
index e896a40c..2aa1d3b2 100644
--- a/src/WtpConfig.mak
+++ b/src/WtpConfig.mak
@@ -1,9 +1,10 @@ include ../Config.mak +# +# Define witch SSL library to use +# OPENSSL or GNUTLS # SSL_LIBRARY=GNUTLS -#WITH_OPENSSL=1 - CFLAGS += -I/usr/include/libnl3 CFLAGS += -I../contrib/uci
diff --git a/src/cw/Makefile b/src/cw/Makefile
index 3bb16cd8..591dbdeb 100644
--- a/src/cw/Makefile
+++ b/src/cw/Makefile
@@ -217,12 +217,12 @@ CONNOBJS= conn_create.o \ conn_prepare_configuration_update_request.o \ + #bstr_to_str.o \ BSTROBJS= bstr_create.o \ bstr_create_from_cfgstr.o \ bstr16_create_from_cfgstr.o \ bstr_replace.o \ - bstr_to_str.o \ bstr16cfgstr.o \ bstr16_create_from_str.o \ bstr_create_from_str.o \
diff --git a/src/cw/dbg.c b/src/cw/dbg.c
index bf874b18..f8facede 100644
--- a/src/cw/dbg.c
+++ b/src/cw/dbg.c
@@ -87,6 +87,7 @@ static struct cw_strlist_elem color_on[] = { { DBG_ELEM_ERR, "\x1b[31m" }, { DBG_SUBELEM, "\x1b[30m"}, { DBG_DTLS, DBG_CLR_MAGENTA }, + { DBG_DTLS_DETAIL, DBG_CLR_MAGENTA }, { DBG_RFC, "\x1b[31m" }, { DBG_X, "\x1b[31m" }, 
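Review bot: The new comment reads `# Define witch SSL library to use`; `which` is meant. Since the commented `WITH_OPENSSL=1` line is dropped here and `SSL_LIBRARY=GNUTLS` appears to be the switch that replaces it, the same comment could say so, e.g. `# SSL_LIBRARY replaces the former WITH_OPENSSL flag`, so readers of older build notes know which variable to set.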
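Review bot: The commented-out `#bstr_to_str.o \` keeps its trailing backslash, and GNU make removes a backslash-newline before it looks for the `#` comment, so the comment can run on into the following line; if `BSTROBJS= bstr_create.o \` follows it directly (the collapsed hunk does not show whether a blank line sits between them), that assignment is swallowed into the `CONNOBJS` comment and `BSTROBJS` ends up unset. Deleting the line outright, or at least dropping the trailing `\`, removes the ambiguity. The line also sits inside the `CONNOBJS` list although the object it names belonged to `BSTROBJS`, which makes the intent harder to read.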
@@ -120,6 +121,7 @@ static struct cw_strlist_elem prefix[] = { { DBG_RFC, " RFC Violation -" }, { DBG_SUBELEM," Sub-Element - "}, { DBG_DTLS, " DTLS - "}, + { DBG_DTLS_DETAIL, " DTLS - "}, { DBG_WARN, " Warning - "}, { DBG_MOD, " Mod - "}, { DBG_X, "XXXXX - "},
@@ -381,6 +383,24 @@ void cw_dbg_pkt(int level,struct conn *conn, uint8_t * packet, int len,struct so } + +void cw_dbg_dmp_(int level, const char *file, int line, + const uint8_t * data, int len, const char *format, ...) +{ + if (!cw_dbg_is_level(level)) + return; + + + char *dmp = cw_dbg_mkdmp(data,len); + cw_dbg(level,"%s%s",format,dmp); + free(dmp); + + +} + + + + void cw_dbg_msg(int level,struct conn *conn, uint8_t * packet, int len,struct sockaddr *from) { if (!cw_dbg_is_level(level))
diff --git a/src/cw/dbg.h b/src/cw/dbg.h
index e3405d00..14e319b9 100644
--- a/src/cw/dbg.h
+++ b/src/cw/dbg.h
@@ -126,6 +126,9 @@ enum cw_dbg_levels{ /** Dump DTLS BIO i/o */ DBG_DTLS_BIO_DMP, + /** Show DTLS Details */ + DBG_DTLS_DETAIL, + /** Debug Mods */ DBG_MOD,
diff --git a/src/cw/dbg_strings.c b/src/cw/dbg_strings.c
index 9681a974..35ef0168 100644
--- a/src/cw/dbg_strings.c
+++ b/src/cw/dbg_strings.c
@@ -52,6 +52,7 @@ struct cw_strlist_elem cw_dbg_strings[] = { { DBG_DTLS, "dtls" }, { DBG_DTLS_BIO, "dtls_bio" }, { DBG_DTLS_BIO_DMP, "dtls_bio_dmp"}, + { DBG_DTLS_DETAIL, "dtls_detail"}, { DBG_WARN, "warn" }, { DBG_MOD,"mod"},
diff --git a/src/cw/dtls_bio.c b/src/cw/dtls_bio.c
index 38ff1164..d037089d 100644
--- a/src/cw/dtls_bio.c
+++ b/src/cw/dtls_bio.c
@@ -52,7 +52,7 @@ int dtls_bio_read(struct conn *conn, char *out, int maxlen) conn->dtls_buffer_pos += maxlen; cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen, maxlen, conn->dtls_buffer_len); -// cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, maxlen, "Dump..."); + cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, maxlen, "Dump..."); return maxlen; } 
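Review bot: `cw_dbg_dmp_` declares a `format, ...` tail but never reads the variadic arguments; `format` is handed to `cw_dbg` as a `%s` operand, so any `%d`/`%s` placeholder a caller writes is printed literally and its argument is silently dropped. Expanding the format through `va_list`/`vsnprintf` first (with `<stdarg.h>` and `<stdio.h>` in scope) fixes that; the rewrite below also tolerates `cw_dbg_mkdmp` returning NULL, which I cannot confirm from this hunk, and leaves `file`/`line` unused as before — presumably the `cw_dbg_dmp` macro supplies them, so either put them into the message or drop them from the signature. The callers enabled in dtls_bio.c pass only literal formats, so nothing visible breaks today, but the function's contract is misleading as written.
```c
void cw_dbg_dmp_(int level, const char *file, int line,
		 const uint8_t * data, int len, const char *format, ...)
{
	if (!cw_dbg_is_level(level))
		return;

	/* Expand the caller's format and arguments before appending the dump. */
	char msg[512];
	va_list args;
	va_start(args, format);
	vsnprintf(msg, sizeof msg, format, args);
	va_end(args);

	char *dmp = cw_dbg_mkdmp(data, len);
	cw_dbg(level, "%s%s", msg, dmp ? dmp : "");
	free(dmp);
}
```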
@@ -62,7 +62,7 @@ int dtls_bio_read(struct conn *conn, char *out, int maxlen) conn->dtls_buffer_len = 0; cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen, ret, conn->dtls_buffer_len); -// cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, ret, "Dump..."); + cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, ret, "Dump..."); return ret; }
@@ -84,7 +84,7 @@ int dtls_bio_write(struct conn *conn, const char *data, int len) cw_dbg(DBG_DTLS_BIO, "SSL BIO write: %d bytes, wrote=%d, ptr: %p", len, rc, data); -// cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) data, len, "Dump ..."); + cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) data, len, "Dump ..."); if (rc < 0) return rc;
diff --git a/src/cw/dtls_gnutls.c b/src/cw/dtls_gnutls.c
index fa7280a9..f6c70b5d 100644
--- a/src/cw/dtls_gnutls.c
+++ b/src/cw/dtls_gnutls.c
@@ -93,12 +93,46 @@ int dtls_gnutls_read(struct conn * conn, uint8_t *buffer, int len) } +static int verify_cert(gnutls_session_t sess) +{ + cw_dbg(DBG_DTLS,"Verify cert"); + return 0; +} + + +static void dtls_log_cb(int level, const char * str) +{ + if (!cw_dbg_is_level(DBG_DTLS_DETAIL)) + return; + + switch (level){ + case 2: + case 6: + case 4: + return; + + + } + + + + + char buf[2048]; + strcpy(buf,str); + char *c = strchr(buf,'\n'); + *c=0; + cw_dbg(DBG_DTLS_DETAIL,"%s",buf); +} + struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config) { struct dtls_gnutls_data *d = malloc(sizeof(struct dtls_gnutls_data)); if (!d) return 0; + gnutls_global_set_log_level(10); + gnutls_global_set_log_function(dtls_log_cb); + gnutls_certificate_allocate_credentials(&d->x509_cred);
@@ -174,6 +208,8 @@ struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config) return 0; } + gnutls_certificate_set_verify_function(d->x509_cred,verify_cert); + gnutls_transport_set_pull_function(d->session, dtls_gnutls_bio_read); gnutls_transport_set_push_function(d->session, dtls_gnutls_bio_write); 
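Review bot: `verify_cert` returns 0 unconditionally, and hunk @@ -174 installs it with `gnutls_certificate_set_verify_function(d->x509_cred, verify_cert)`; a return of 0 from a GnuTLS verify function tells the handshake to continue, so any peer certificate is now accepted without `gnutls_certificate_verify_peers3` (or `gnutls_certificate_verify_peers2`) ever running — the callback has to perform the verification and return non-zero when the status is not clean, and if it is meant to honour `conn->dtls_verify_peer` (set in wtp_main.c in this patch) it needs a route back to `conn`, for example `gnutls_session_set_ptr`/`gnutls_session_get_ptr`, which this hunk does not set up. In `dtls_log_cb`, `strcpy(buf, str)` into the 2048-byte stack buffer is unbounded and `*c = 0` dereferences the `strchr` result without a NULL check, so an over-long or newline-free log line overflows the buffer or crashes; the copy is unnecessary, `cw_dbg(DBG_DTLS_DETAIL, "%.*s", (int)strcspn(str, "\n"), str);` replaces those four lines. `gnutls_global_set_log_level(10)` and `gnutls_global_set_log_function` are process-global and are re-applied on every `dtls_gnutls_data_create` call; setting them once at init, and only when `DBG_DTLS_DETAIL` is active, avoids GnuTLS formatting messages the callback immediately discards. `dtls_gnutls_data_create` continues past the end of both hunks.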
diff --git a/src/cw/dtls_gnutls_accept.c b/src/cw/dtls_gnutls_accept.c
index 041bb7d5..c4fb174a 100644
--- a/src/cw/dtls_gnutls_accept.c
+++ b/src/cw/dtls_gnutls_accept.c
@@ -74,6 +74,7 @@ int dtls_gnutls_accept(struct conn *conn) rc = gnutls_dtls_cookie_verify(&cookie_key, &conn->addr, sizeof(conn->addr), buffer+4, tlen-4, &prestate); + if (rc<0){ cw_dbg(DBG_DTLS, "Cookie couldn't be verified: %s", gnutls_strerror(rc)); dtls_gnutls_bio_read(conn, buffer, sizeof(buffer));
diff --git a/src/cw/dtls_openssl.c b/src/cw/dtls_openssl.c
index f6776d46..9bb615f2 100644
--- a/src/cw/dtls_openssl.c
+++ b/src/cw/dtls_openssl.c
@@ -49,7 +49,6 @@ static const char * ssl_version2str(int version) return "DTLSv1"; // case DTLS1_2_VERSION: // return "DTLSv1.2"; - } return "Version unknown"; }
@@ -63,20 +62,39 @@ static void dtls_debug_cb(int write_p,int version,int type, const void * buf,siz s += sprintf(s,"SSL msg out: "); else s += sprintf(s,"SSL msg in: "); - + s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len); // cw_dbg(DBG_DTLS_DETAIL,buffer); } #endif +static void dtls_info_cb (const SSL *ssl, int where, int ret) +{ + const char *str = NULL; + int w; + + w = where & ~SSL_ST_MASK; + + str = where & SSL_ST_CONNECT ? "connect" : where & SSL_ST_ACCEPT ? "accept" : "undefined"; + if (where & SSL_CB_LOOP) + { + cw_dbg (DBG_DTLS_DETAIL,"SSL state [\"%s\"]: %s", str, SSL_state_string_long (ssl)); + } + else if (where & SSL_CB_ALERT) + { + cw_dbg (DBG_DTLS_DETAIL,"SSL: alert [\"%s\"]: %s : %s", where & SSL_CB_READ ? "read" : "write", \ + SSL_alert_type_string_long (ret), SSL_alert_desc_string_long (ret)); + } +} + int pem_passwd_cb(char *buf, int size, int rwflag, void *password) { if (!password){ cw_dbg(DBG_DTLS, "DTLS - No password given to decrypt privat key"); return 0; } - + strncpy(buf, (char *)(password), size); buf[size - 1] = '\0'; return(strlen(buf)); 
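Review bot: `dtls_info_cb` is defined right after the `#endif` that closes the `WITH_CW_LOG_DEBUG` block, yet it is only registered inside that block (`SSL_CTX_set_info_callback` in hunk @@ -333), so builds without the define get an unused static function warning; move the definition above the `#endif`, next to `dtls_debug_cb`, or give it the same guard. Inside the callback `w = where & ~SSL_ST_MASK;` is computed and never read, so `int w;` and that assignment can go, and the backslash line continuation inside the alert `cw_dbg` call is not needed in C and is easy to misread as a macro. `str` is only used in the `SSL_CB_LOOP` branch, so its ternary chain could move there, ideally with parentheses around each `where & …` test.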
@@ -125,8 +143,10 @@ int dtls_openssl_init() { const char * version = SSLeay_version(SSLEAY_VERSION); cw_dbg(DBG_INFO,"Init SSL library - %s",version); - SSL_load_error_strings(); int rc = SSL_library_init(); + ERR_clear_error(); + SSL_load_error_strings(); + OpenSSL_add_all_algorithms(); return rc; }
@@ -238,7 +258,7 @@ int generate_session_id(const SSL *ssl, unsigned char * id, unsigned int *id_len */ -// printf ("MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMaking session id\n"); + printf ("MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMaking session id\n"); const char * sessid = "9123456789"; memcpy(id,sessid,strlen(sessid)); *id_len=strlen(sessid);
@@ -280,18 +300,22 @@ static unsigned int psk_server_cb(SSL *ssl,const char *identity, unsigned char * } + + + + struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio) { struct dtls_openssl_data * d = malloc(sizeof(struct dtls_openssl_data)); if (!d) - return 0; + return NULL; memset(d,0,sizeof(struct dtls_openssl_data)); /* create new SSL ctx. (In future this should not be done for every connection) */ d->ctx = SSL_CTX_new(method); if (!d->ctx){ dtls_openssl_data_destroy(d); - return 0; + return NULL; }
@@ -333,11 +357,13 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS /* setup debugging */ #ifdef WITH_CW_LOG_DEBUG SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb); + SSL_CTX_set_info_callback (d->ctx, &dtls_info_cb); + #endif - SSL_CTX_set_read_ahead(d->ctx, 0); + SSL_CTX_set_read_ahead(d->ctx, 1);
@@ -347,7 +373,7 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS // SSL_CTX_set_session_cache_mode(d->ctx, SSL_SESS_CACHE_BOTH); -// SSL_CTX_set_options(d->ctx, SSL_OP_ALL); + SSL_CTX_set_options(d->ctx, SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3 ); // SSL_CTX_set_generate_session_id(d->ctx,generate_session_id); 
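Review bot: Re-enabling `printf ("MMMM…Making session id\n")` in `generate_session_id` writes a raw debug line to stdout, bypassing the `cw_dbg` levels this commit otherwise extends; `cw_dbg(DBG_DTLS_DETAIL, "Making session id");` keeps it switchable with the rest. The context lines below copy the constant `"9123456789"` into `id`, so if this callback is ever wired in (hunk @@ -347 still has `SSL_CTX_set_generate_session_id` commented out) every session would receive the same id, which is not what OpenSSL expects from a session-id generator; a comment marking the function as a placeholder, or removing it, would stop it being registered by accident. `generate_session_id` starts before and continues after this hunk.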
@@ -424,7 +450,7 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS /* - * Convert the PSK key (psk_key) in ascii to binary (psk). + * Convert the PSK key (psk_key) from ascii to binary (psk). */ int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len) {
diff --git a/src/wtp/wtp_main.c b/src/wtp/wtp_main.c
index 7c3084eb..6307e91c 100644
--- a/src/wtp/wtp_main.c
+++ b/src/wtp/wtp_main.c
@@ -141,6 +141,9 @@ int main() // #define CWMOD "cisco" #define CWBIND "cisco" +//#define CWMOD "capwap" +//#define CWBIND "capwap80211" + struct mod_wtp *mod = modload_wtp(CWMOD); if (!mod) {
@@ -160,7 +163,7 @@ int main() printf("Out reg = %d\n",rc); conn->detected = 1; - + conn->dtls_verify_peer=0;