planix.org/actube
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Better debug options gpt DTLS.

Browse Source 
FossilOrigin-Name: e6035c7fc31aa2d06026ca8cc3682b2024ca1587e2175dfcb24df75cad41e5e3
This commit is contained in:
7u83@mail.ru 2016-03-12 15:12:36 +00:00
parent 9b2d0d6550
commit 9d2d9da392
10 changed files with 108 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/WtpConfig.mak
View File

@ -1,9 +1,10 @@
include ../Config.mak include ../Config.mak
#
# Define witch SSL library to use
# OPENSSL or GNUTLS
# #
SSL_LIBRARY=GNUTLS SSL_LIBRARY=GNUTLS
#WITH_OPENSSL=1
CFLAGS += -I/usr/include/libnl3 CFLAGS += -I/usr/include/libnl3
CFLAGS += -I../contrib/uci CFLAGS += -I../contrib/uci

2
src/cw/Makefile
View File

@ -217,12 +217,12 @@ CONNOBJS= conn_create.o \
conn_prepare_configuration_update_request.o \ conn_prepare_configuration_update_request.o \
#bstr_to_str.o \
BSTROBJS= bstr_create.o \ BSTROBJS= bstr_create.o \
bstr_create_from_cfgstr.o \ bstr_create_from_cfgstr.o \
bstr16_create_from_cfgstr.o \ bstr16_create_from_cfgstr.o \
bstr_replace.o \ bstr_replace.o \
bstr_to_str.o \
bstr16cfgstr.o \ bstr16cfgstr.o \
bstr16_create_from_str.o \ bstr16_create_from_str.o \
bstr_create_from_str.o \ bstr_create_from_str.o \

20
src/cw/dbg.c
View File

@ -87,6 +87,7 @@ static struct cw_strlist_elem color_on[] = {
{ DBG_ELEM_ERR, "\x1b[31m" }, { DBG_ELEM_ERR, "\x1b[31m" },
{ DBG_SUBELEM, "\x1b[30m"}, { DBG_SUBELEM, "\x1b[30m"},
{ DBG_DTLS, DBG_CLR_MAGENTA }, { DBG_DTLS, DBG_CLR_MAGENTA },
{ DBG_DTLS_DETAIL, DBG_CLR_MAGENTA },
{ DBG_RFC, "\x1b[31m" }, { DBG_RFC, "\x1b[31m" },
{ DBG_X, "\x1b[31m" }, { DBG_X, "\x1b[31m" },
@ -120,6 +121,7 @@ static struct cw_strlist_elem prefix[] = {
{ DBG_RFC, " RFC Violation -" }, { DBG_RFC, " RFC Violation -" },
{ DBG_SUBELEM," Sub-Element - "}, { DBG_SUBELEM," Sub-Element - "},
{ DBG_DTLS, " DTLS - "}, { DBG_DTLS, " DTLS - "},
{ DBG_DTLS_DETAIL, " DTLS - "},
{ DBG_WARN, " Warning - "}, { DBG_WARN, " Warning - "},
{ DBG_MOD, " Mod - "}, { DBG_MOD, " Mod - "},
{ DBG_X, "XXXXX - "}, { DBG_X, "XXXXX - "},
@ -381,6 +383,24 @@ void cw_dbg_pkt(int level,struct conn *conn, uint8_t * packet, int len,struct so
} }
void cw_dbg_dmp_(int level, const char *file, int line,
const uint8_t * data, int len, const char *format, ...)
{
if (!cw_dbg_is_level(level))
return;
char *dmp = cw_dbg_mkdmp(data,len);
cw_dbg(level,"%s%s",format,dmp);
free(dmp);
}
void cw_dbg_msg(int level,struct conn *conn, uint8_t * packet, int len,struct sockaddr *from) void cw_dbg_msg(int level,struct conn *conn, uint8_t * packet, int len,struct sockaddr *from)
{ {
if (!cw_dbg_is_level(level)) if (!cw_dbg_is_level(level))

3
src/cw/dbg.h
View File

@ -126,6 +126,9 @@ enum cw_dbg_levels{
/** Dump DTLS BIO i/o */ /** Dump DTLS BIO i/o */
DBG_DTLS_BIO_DMP, DBG_DTLS_BIO_DMP,
/** Show DTLS Details */
DBG_DTLS_DETAIL,
/** Debug Mods */ /** Debug Mods */
DBG_MOD, DBG_MOD,

1
src/cw/dbg_strings.c
View File

@ -52,6 +52,7 @@ struct cw_strlist_elem cw_dbg_strings[] = {
{ DBG_DTLS, "dtls" }, { DBG_DTLS, "dtls" },
{ DBG_DTLS_BIO, "dtls_bio" }, { DBG_DTLS_BIO, "dtls_bio" },
{ DBG_DTLS_BIO_DMP, "dtls_bio_dmp"}, { DBG_DTLS_BIO_DMP, "dtls_bio_dmp"},
{ DBG_DTLS_DETAIL, "dtls_detail"},
{ DBG_WARN, "warn" }, { DBG_WARN, "warn" },
{ DBG_MOD,"mod"}, { DBG_MOD,"mod"},

6
src/cw/dtls_bio.c
View File

@ -52,7 +52,7 @@ int dtls_bio_read(struct conn *conn, char *out, int maxlen)
conn->dtls_buffer_pos += maxlen; conn->dtls_buffer_pos += maxlen;
cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen, cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen,
maxlen, conn->dtls_buffer_len); maxlen, conn->dtls_buffer_len);
// cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, maxlen, "Dump..."); cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, maxlen, "Dump...");
return maxlen; return maxlen;
} }
@ -62,7 +62,7 @@ int dtls_bio_read(struct conn *conn, char *out, int maxlen)
conn->dtls_buffer_len = 0; conn->dtls_buffer_len = 0;
cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen, ret, cw_dbg(DBG_DTLS_BIO, "SSL BIO read: (maxlen = %d), read %d, remain %d", maxlen, ret,
conn->dtls_buffer_len); conn->dtls_buffer_len);
// cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, ret, "Dump..."); cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) out, ret, "Dump...");
return ret; return ret;
} }
@ -84,7 +84,7 @@ int dtls_bio_write(struct conn *conn, const char *data, int len)
cw_dbg(DBG_DTLS_BIO, "SSL BIO write: %d bytes, wrote=%d, ptr: %p", len, rc, data); cw_dbg(DBG_DTLS_BIO, "SSL BIO write: %d bytes, wrote=%d, ptr: %p", len, rc, data);
// cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) data, len, "Dump ..."); cw_dbg_dmp(DBG_DTLS_BIO_DMP, (uint8_t *) data, len, "Dump ...");
if (rc < 0) if (rc < 0)
return rc; return rc;

36
src/cw/dtls_gnutls.c
View File

@ -93,12 +93,46 @@ int dtls_gnutls_read(struct conn * conn, uint8_t *buffer, int len)
} }
static int verify_cert(gnutls_session_t sess)
{
cw_dbg(DBG_DTLS,"Verify cert");
return 0;
}
static void dtls_log_cb(int level, const char * str)
{
if (!cw_dbg_is_level(DBG_DTLS_DETAIL))
return;
switch (level){
case 2:
case 6:
case 4:
return;
}
char buf[2048];
strcpy(buf,str);
char *c = strchr(buf,'\n');
*c=0;
cw_dbg(DBG_DTLS_DETAIL,"%s",buf);
}
struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config) struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config)
{ {
struct dtls_gnutls_data *d = malloc(sizeof(struct dtls_gnutls_data)); struct dtls_gnutls_data *d = malloc(sizeof(struct dtls_gnutls_data));
if (!d) if (!d)
return 0; return 0;
gnutls_global_set_log_level(10);
gnutls_global_set_log_function(dtls_log_cb);
gnutls_certificate_allocate_credentials(&d->x509_cred); gnutls_certificate_allocate_credentials(&d->x509_cred);
@ -174,6 +208,8 @@ struct dtls_gnutls_data *dtls_gnutls_data_create(struct conn *conn,int config)
return 0; return 0;
} }
gnutls_certificate_set_verify_function(d->x509_cred,verify_cert);
gnutls_transport_set_pull_function(d->session, dtls_gnutls_bio_read); gnutls_transport_set_pull_function(d->session, dtls_gnutls_bio_read);
gnutls_transport_set_push_function(d->session, dtls_gnutls_bio_write); gnutls_transport_set_push_function(d->session, dtls_gnutls_bio_write);

1
src/cw/dtls_gnutls_accept.c
View File

@ -74,6 +74,7 @@ int dtls_gnutls_accept(struct conn *conn)
rc = gnutls_dtls_cookie_verify(&cookie_key, rc = gnutls_dtls_cookie_verify(&cookie_key,
&conn->addr, &conn->addr,
sizeof(conn->addr), buffer+4, tlen-4, &prestate); sizeof(conn->addr), buffer+4, tlen-4, &prestate);
if (rc<0){ if (rc<0){
cw_dbg(DBG_DTLS, "Cookie couldn't be verified: %s", gnutls_strerror(rc)); cw_dbg(DBG_DTLS, "Cookie couldn't be verified: %s", gnutls_strerror(rc));
dtls_gnutls_bio_read(conn, buffer, sizeof(buffer)); dtls_gnutls_bio_read(conn, buffer, sizeof(buffer));

42
src/cw/dtls_openssl.c
View File

@ -49,7 +49,6 @@ static const char * ssl_version2str(int version)
return "DTLSv1"; return "DTLSv1";
// case DTLS1_2_VERSION: // case DTLS1_2_VERSION:
// return "DTLSv1.2"; // return "DTLSv1.2";
} }
return "Version unknown"; return "Version unknown";
} }
@ -70,6 +69,25 @@ static void dtls_debug_cb(int write_p,int version,int type, const void * buf,siz
#endif #endif
static void dtls_info_cb (const SSL *ssl, int where, int ret)
{
const char *str = NULL;
int w;
w = where & ~SSL_ST_MASK;
str = where & SSL_ST_CONNECT ? "connect" : where & SSL_ST_ACCEPT ? "accept" : "undefined";
if (where & SSL_CB_LOOP)
{
cw_dbg (DBG_DTLS_DETAIL,"SSL state [\"%s\"]: %s", str, SSL_state_string_long (ssl));
}
else if (where & SSL_CB_ALERT)
{
cw_dbg (DBG_DTLS_DETAIL,"SSL: alert [\"%s\"]: %s : %s", where & SSL_CB_READ ? "read" : "write", \
SSL_alert_type_string_long (ret), SSL_alert_desc_string_long (ret));
}
}
int pem_passwd_cb(char *buf, int size, int rwflag, void *password) int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
{ {
if (!password){ if (!password){
@ -125,8 +143,10 @@ int dtls_openssl_init()
{ {
const char * version = SSLeay_version(SSLEAY_VERSION); const char * version = SSLeay_version(SSLEAY_VERSION);
cw_dbg(DBG_INFO,"Init SSL library - %s",version); cw_dbg(DBG_INFO,"Init SSL library - %s",version);
SSL_load_error_strings();
int rc = SSL_library_init(); int rc = SSL_library_init();
ERR_clear_error();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
return rc; return rc;
} }
@ -238,7 +258,7 @@ int generate_session_id(const SSL *ssl, unsigned char * id, unsigned int *id_len
*/ */
// printf ("MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMaking session id\n"); printf ("MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMaking session id\n");
const char * sessid = "9123456789"; const char * sessid = "9123456789";
memcpy(id,sessid,strlen(sessid)); memcpy(id,sessid,strlen(sessid));
*id_len=strlen(sessid); *id_len=strlen(sessid);
@ -280,18 +300,22 @@ static unsigned int psk_server_cb(SSL *ssl,const char *identity, unsigned char *
} }
struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio) struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio)
{ {
struct dtls_openssl_data * d = malloc(sizeof(struct dtls_openssl_data)); struct dtls_openssl_data * d = malloc(sizeof(struct dtls_openssl_data));
if (!d) if (!d)
return 0; return NULL;
memset(d,0,sizeof(struct dtls_openssl_data)); memset(d,0,sizeof(struct dtls_openssl_data));
/* create new SSL ctx. (In future this should not be done for every connection) */ /* create new SSL ctx. (In future this should not be done for every connection) */
d->ctx = SSL_CTX_new(method); d->ctx = SSL_CTX_new(method);
if (!d->ctx){ if (!d->ctx){
dtls_openssl_data_destroy(d); dtls_openssl_data_destroy(d);
return 0; return NULL;
} }
@ -333,11 +357,13 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
/* setup debugging */ /* setup debugging */
#ifdef WITH_CW_LOG_DEBUG #ifdef WITH_CW_LOG_DEBUG
SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb); SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb);
SSL_CTX_set_info_callback (d->ctx, &dtls_info_cb);
#endif #endif
SSL_CTX_set_read_ahead(d->ctx, 0); SSL_CTX_set_read_ahead(d->ctx, 1);
@ -347,7 +373,7 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
// SSL_CTX_set_session_cache_mode(d->ctx, SSL_SESS_CACHE_BOTH); // SSL_CTX_set_session_cache_mode(d->ctx, SSL_SESS_CACHE_BOTH);
// SSL_CTX_set_options(d->ctx, SSL_OP_ALL); SSL_CTX_set_options(d->ctx, SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3 );
// SSL_CTX_set_generate_session_id(d->ctx,generate_session_id); // SSL_CTX_set_generate_session_id(d->ctx,generate_session_id);
@ -424,7 +450,7 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
/* /*
* Convert the PSK key (psk_key) in ascii to binary (psk). * Convert the PSK key (psk_key) from ascii to binary (psk).
*/ */
int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len) { int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len) {

5
src/wtp/wtp_main.c
View File

@ -141,6 +141,9 @@ int main()
// //
#define CWMOD "cisco" #define CWMOD "cisco"
#define CWBIND "cisco" #define CWBIND "cisco"
//#define CWMOD "capwap"
//#define CWBIND "capwap80211"
struct mod_wtp *mod = modload_wtp(CWMOD); struct mod_wtp *mod = modload_wtp(CWMOD);
if (!mod) { if (!mod) {
@ -160,7 +163,7 @@ int main()
printf("Out reg = %d\n",rc); printf("Out reg = %d\n",rc);
conn->detected = 1; conn->detected = 1;
conn->dtls_verify_peer=0;