some improvements to support Cisco.

FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5

src/ac/wtpman.c

@@ -505,9 +505,6 @@ static int wtpman_establish_dtls(void *arg)
 	fwrite(cert.data,1,cert.size,f);
 	
 
-	exit(0);
-
-//	dtls_get_peers_cert(cert_len,&cert_len);
 
 	return 1;
 }
@@ -601,6 +598,7 @@ static void wtpman_run(void *arg)
 		return;
 	}
 
+exit(0);
 
 	switch (cwrmsg->type){
 		case CWMSG_CHANGE_STATE_EVENT_REQUEST:

src/capwap/Makefile

@@ -126,6 +126,7 @@ CAPWAPOBJS= \
 	cw_readelem_statistics_timer.o \
 	cw_readelem_mtu_discovery_padding.o \
 	cw_readelem_vendor_specific_payload.o \
+	cw_readelem_capwap_local_ip_addr.o \
 	   cw_readelem_wtp_reboot_statistics.o\
    	   cwmsg_addelem_vendor_cisco_ap_timesync.o \
 	lw_checksum.o

src/capwap/capwap.h

@@ -38,6 +38,7 @@
 enum capwapmodes {
 	CWMODE_STD = 0,
 	CWMODE_CISCO,
+	CWMODE_CIPWAP,
 	CWMODE_ZYXEL
 };
 
@@ -234,9 +235,17 @@ struct capwap_ctrlhdr
    WTP Radio Statistics                                 47
 */
 #define CWMSGELEM_WTP_REBOOT_STATISTICS		48
+
+#define CWMSGELEM_WTP_STATIC_IP_ADDRESS_INFO	49
+
 /*   WTP Static IP Address Information                    49
 */
 
+/* Cisco's CAPWAP definitions (CAPWAP draft 7)*/
+#define	CWMSGELEM_WTP_IPV4_IP_ADDR		42
+#define	CWMSGELEM_WTP_IPV6_IP_ADDR		43
+ 
+
 
 /* pseudo message elements, defined for libcapwap */
 

src/capwap/cw_msgelemtostr.c

@@ -119,8 +119,12 @@ const char * cw_msgelemtostr(int elem)
 		case CWMSGELEM_WTP_FRAME_TUNNEL_MODE:
 			return "frame tunnel mode";
 
-		case CWMSGELEM_RESERVED_1:
+/*		case CWMSGELEM_RESERVED_1:
 			return "reserved (42)";
+*/
+		case CWMSGELEM_WTP_IPV4_IP_ADDR:
+			return "WTP IPv4 IP address";
+
 /*
    Reserved                                             43
 */   

src/capwap/cw_readelem_capwap_local_ip_addr.c

@@ -0,0 +1,46 @@
+#include <string.h>
+
+#include "capwap.h"
+
+int cw_readelem_capwap_local_ip_addr(struct sockaddr * local_ip, int type, uint8_t * msgelem, int len)
+{
+	switch (type){
+		case CWMSGELEM_CAPWAP_LOCAL_IPV4_ADDRESS:
+		case CWMSGELEM_WTP_IPV4_IP_ADDR:
+			{
+			if (len!=4)
+				return -1;
+			struct sockaddr_in  * sain = (struct sockaddr_in*)local_ip;
+			memset(sain,0,sizeof(struct sockaddr_in));
+			#ifdef HAVE_SIN_LEN
+				sain->sa_len=sizeof(struct sockaddr_in);
+			#endif
+			memcpy(&sain->sin_addr,msgelem,len);	
+			sain->sin_family=AF_INET;
+			return 1;
+			}
+#ifdef WITH_IPV6				
+		case CWMSGELEM_CAPWAP_LOCAL_IPV6_ADDRESS:
+		case CWMSGELEM_WTP_IPV6_IP_ADDR:
+			{
+			if (len!=16)
+				return -1;
+
+			struct sockaddr_in6  * sain = (struct sockaddr_in6*)local_ip;
+			memset(sain,0,sizeof(struct sockaddr_in6));
+			#ifdef HAVE_SIN6_LEN
+				sain->sa_len=sizeof(struct sockaddr_in);
+			#endif
+			memcpy(&sain->sin6_addr,msgelem,len);
+			sain->sin6_family=AF_INET6;
+
+
+			return 1;
+			}
+		
+#endif				
+		}
+	return 0;
+}
+
+

src/capwap/cwmsg_addelem_wtp_board_data.c

@@ -8,12 +8,15 @@
 
 void cwmsg_addelem_wtp_board_data(struct cwmsg *cwmsg, struct wtpinfo *wtpinfo)
 {
-	uint8_t msg[1030];
+	uint8_t msg[512];
+
+	/* vendor identifier */
 	*((uint32_t *) msg) = htonl(wtpinfo->vendor_id);
 
 	int l;
 	int len = 4;
 
+	/* mandatory sub-elements */
 	if (wtpinfo->model_no) {
 		l = bstr_len(wtpinfo->model_no);
 		*((uint32_t *) (msg + len)) = htonl(CWBOARDDATA_MODELNO << 16 | l);
@@ -22,12 +25,13 @@ void cwmsg_addelem_wtp_board_data(struct cwmsg *cwmsg, struct wtpinfo *wtpinfo)
 	}
 
 	if (wtpinfo->serial_no) {
-		l = strlen((char *) wtpinfo->serial_no);
+		l = bstr_len( wtpinfo->serial_no);
 		*((uint32_t *) (msg + len)) = htonl(CWBOARDDATA_SERIALNO << 16 | l);
-		memcpy(msg + len + 4, wtpinfo->serial_no, l);
+		memcpy(msg + len + 4, bstr_data(wtpinfo->serial_no), l);
 		len += l + 4;
 	}
 
+	/* other sub-elements */
 	if (wtpinfo->macaddress) {
 		*((uint32_t *) (msg + len)) =
 		    htonl(CWBOARDDATA_MACADDRESS << 16 | wtpinfo->macaddress_len);

src/capwap/cwmsg_addelem_wtp_descriptor.c

@@ -2,22 +2,27 @@
 #include <string.h>
 
 #include "capwap.h"
+#include "bstr.h"
 
 
-static inline int wtpdesc_addsubelem(uint8_t * dst,uint8_t type,uint32_t vendorid,uint8_t * str,int len)  
+static inline int wtpdesc_addsubelem(uint8_t * dst,uint8_t type,uint32_t vendorid,uint8_t * str)  
 {
 //	printf("add subelem\n");
 	int l;
 	*((uint32_t*)(dst))=htonl(vendorid);   
 //	printf("htonl done\n");
-	if (len==-1)
-		l=strlen((char*)str);
-	else
-		l=len;
+//	if (len==-1)
+//		l=strlen((char*)str);
+//	else
+//		l=len;S
+
+	l = bstr_len(str);
+	
+
 //	printf("strlne got %d\n",l);
 	*((uint32_t*)(dst+4))=htonl((type<<16)|l);
 //	printf("memcopy str %d\n",l);
-	memcpy(dst+8,str,l);
+	memcpy(dst+8,bstr_data(str),l);
 	return l+8;
 }
 
@@ -31,11 +36,20 @@ void cwmsg_addelem_wtp_descriptor(struct cwmsg * cwmsg, struct wtpinfo * wtpinfo
         *(d+1)=wtpinfo->radios_in_use;
 	len=2;
 
+	switch (wtpinfo->capwap_mode){
+		case CWMODE_CISCO:
+			*((uint16_t*)(d+len))=0;
+			len+=2;
+			break;
+		default:
+			break;
+	}
+
 	/* number of encryption elemnts */
 //	*(d+len)=1;
 //	len+=1;
-	*(d+len)=0;
-	len+=1;
+//	*(d+len)=0;
+//	len+=1;
 
 	/* encryption elements */	
 
@@ -52,20 +66,20 @@ void cwmsg_addelem_wtp_descriptor(struct cwmsg * cwmsg, struct wtpinfo * wtpinfo
 */
 	/* software subelem*/
 	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_SOFTWARE_VERSION,
-			wtpinfo->software_vendor_id,wtpinfo->software_version,-1);
+			wtpinfo->software_vendor_id,wtpinfo->software_version);
 
 	/* hardware subelem*/
-//	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
-//			wtpinfo->hardware_vendor_id,wtpinfo->hardware_version,2);
-
-/*	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
+	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
+			wtpinfo->hardware_vendor_id,wtpinfo->hardware_version);
+/*
+	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
 			wtpinfo->hardware_vendor_id,hww,2);
 */
 
 	/* bootloader subelem*/
-/*	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_BOOTLOADER_VERSION,
-			wtpinfo->bootloader_vendor_id,wtpinfo->bootloader_version,-1);
+	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_BOOTLOADER_VERSION,
+			wtpinfo->bootloader_vendor_id,wtpinfo->bootloader_version);
+
 
-*/
 	cwmsg_addelem(cwmsg,CWMSGELEM_WTP_DESCRIPTOR,d,len);
 }

src/capwap/cwsend_join_request.c

@@ -42,8 +42,11 @@ int cwsend_join_request(struct conn * conn,struct radioinfo * radioinfo,struct w
 	cwmsg_addelem(&cwmsg,CWMSGELEM_WTP_MAC_TYPE,&wtpinfo->mac_type,sizeof(uint8_t));
 	cwmsg_addelem_wtp_radio_infos(&cwmsg,wtpinfo->radioinfo);
 
-	cwmsg_addelem(&cwmsg,CWMSGELEM_ECN_SUPPORT,&wtpinfo->ecn_support,sizeof(uint8_t));
-	cwmsg_addelem_cw_local_ip_addr(&cwmsg,conn);
+	if (wtpinfo->capwap_mode != CWMODE_CISCO){
+		cwmsg_addelem(&cwmsg,CWMSGELEM_ECN_SUPPORT,&wtpinfo->ecn_support,sizeof(uint8_t));
+		cwmsg_addelem_cw_local_ip_addr(&cwmsg,conn);
+	}
+
 
 	uint16_t l = htons(wtpinfo->max_msg_len);
 	cwmsg_addelem(&cwmsg,CWMSGELEM_MAXIMUM_MESSAGE_LENGTH,(uint8_t*)&l,sizeof(l));

src/capwap/dtls_gnutls_connect.c

@@ -8,9 +8,11 @@
 int dtls_gnutls_connect(struct conn *conn)
 {
 	struct dtls_gnutls_data * d;
-	d = dtls_gnutls_data_create(conn,GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+	d = dtls_gnutls_data_create(conn,GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
 
+//	gnutls_dh_set_prime_bits(d->session, 512);
 	gnutls_handshake_set_timeout(d->session,GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);	
+
 	int rc;	
 	do {
 		rc = gnutls_handshake(d->session);
@@ -21,6 +23,14 @@ int dtls_gnutls_connect(struct conn *conn)
 		cw_log(LOG_ERR,"Can't connect: %s",gnutls_strerror(rc));
 		return 0;
 	}
+
+
+	cw_dbg(DBG_DTLS,"DTLS - Handshake successful");
+
+	conn->dtls_data=d;
+	conn->read = dtls_gnutls_read;
+	conn->write = dtls_gnutls_write;
+
 	
 	return 1;
 }

src/capwap/dtls_openssl_bio.c

@@ -121,7 +121,7 @@ long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
 
 		case BIO_CTRL_DGRAM_QUERY_MTU:
 			{
-				ret = 1400;
+				ret = 1300;
 				break;
 
 /*         	sockopt_len = sizeof(sockopt_val);

src/capwap/process_join_request.c

@@ -70,7 +70,7 @@ static int process_elem(void *eparm,int type,uint8_t* msgelem,int len)
 	if (wtpinfo_readelem_ecn_support(wtpinfo,type,msgelem,len))
 		goto foundX;
 
-	if (wtpinfo_readelem_cw_local_ip_addr(wtpinfo,type,msgelem,len)){
+	if (cw_readelem_capwap_local_ip_addr(wtpinfo,type,msgelem,len)){
 		cw_mand_elem_found(e->mand, XCWMSGELEM_CAPWAP_LOCAL_IP_ADDRESS);
 		return 1;
 	}

src/capwap/wtpinfo.h

@@ -40,6 +40,10 @@ struct wtp_reboot_statistics{
 
 /* structure to hold info about a wtp */
 struct wtpinfo{
+	
+	int capwap_mode;
+
+
 	uint8_t *ac_name;
 	uint8_t *name;
 	uint8_t * location;

src/wtp/conf_uci.c

@@ -153,6 +153,12 @@ int read_config(const char * filename){
 	if (str) 
 		conf_sslcertfilename=strdup(str);
 
+
+	str = uci_lookup_option_string(ctx,section,"ssl_cipher");
+	if (str) 
+		conf_dtls_cipher=strdup(str);
+
+
 	str = uci_lookup_option_string(ctx,section,"vendor_id");
 	if (str) 
 		conf_vendor_id=atoi(str);
@@ -163,6 +169,13 @@ int read_config(const char * filename){
 		bstr_replace(&conf_software_version,s);
 	}
 
+	str = uci_lookup_option_string(ctx,section,"serial_no");
+	if (str){
+		uint8_t * s = bstr_create_from_cfgstr(str);
+		bstr_replace(&conf_serial_no,s);
+	}
+
+
 	str = uci_lookup_option_string(ctx,section,"model_no");
 	if (str){
 		uint8_t * s = bstr_create_from_cfgstr(str);

src/wtp/join.c

@@ -46,6 +46,8 @@ int join_state(struct conn * conn)
 
 	struct cwrmsg * cwrmsg = conn_get_message(conn);
 
+	printf("Received %08p\n",cwrmsg);
+
 //	cw_log_debug0("Received message %i",cwrmsg->seqnum);
 
 	if (cwrmsg->type != CWMSG_JOIN_RESPONSE || cwrmsg->seqnum != conn->seqnum){
@@ -117,15 +119,12 @@ int join(struct sockaddr *sa)
 		sock_addrtostr(sa,str,100);
 		cw_log(LOG_ERR,"Can't establish DTLS connection to %s",str);
 		close(sockfd);
-exit(0);
 		return 0;
 	}
 
-exit(0);
 
 #endif	
 	cw_dbg (DBG_DTLS,"DTLS session established with %s, cipher=%s",sock_addr2str(sa),dtls_get_cipher(conn)); 
-exit(0);
 
 
 	#ifdef WITH_CW_LOG_DEBUG

src/wtp/wtp_conf.c

@@ -21,6 +21,8 @@
 #include "capwap/sock.h"
 #include "capwap/cw_log.h"
 
+#include "capwap/bstr.h"
+
 
 char * conf_primary_if=0;
 char * conf_wtpname=0;
@@ -69,7 +71,7 @@ uint32_t * conf_hardware_vendor_id;
 uint8_t * conf_hardware_version;
 
 uint8_t * conf_model_no;
-uint8_t * cont_serial_no;
+uint8_t * conf_serial_no;
 
 
 LONGSTRS conf_timer_cfgstrs[] = {
@@ -136,9 +138,10 @@ int wtpconf_name()
 
 
 char * default_ac_list[] = {
-	"192.168.0.255",
+//	"192.168.0.255",
 	"255.255.255.255",
 //	"224.0.1.140",
+//	"192.168.0.12"
 };
 
 int wtpconf_ac_list()
@@ -198,7 +201,8 @@ int wtpconf_preinit()
 
 
 	conf_vendor_id = CONF_DEFAULT_VENDOR_ID;
-	conf_software_version = bstr_create(CONF_DEFAULT_SOFTWARE_VERSION);
+	conf_software_version = bstr_create_from_cfgstr(CONF_DEFAULT_SOFTWARE_VERSION);
+	conf_serial_no = bstr_create_from_cfgstr(CONF_DEFAULT_SERIAL_NO);
 
 
 }

src/wtp/wtp_conf.h

@@ -22,7 +22,7 @@ extern uint32_t * conf_hardware_vendor_id;
 extern uint8_t * conf_hardware_version;
 
 extern uint8_t * conf_model_no;
-extern uint8_t * cont_serial_no;
+extern uint8_t * conf_serial_no;
 
 
 

src/wtp/wtp_interface.c

@@ -13,9 +13,12 @@
 struct wtpinfo * get_wtpinfo()
 {
 	struct wtpinfo * wtpinfo;
+
+
 	wtpinfo=malloc(sizeof(struct wtpinfo));
 	memset(wtpinfo,0,sizeof(struct wtpinfo));
 
+	wtpinfo->capwap_mode=CWMODE_CISCO;
 	wtpinfo->name = (uint8_t*)"wtp";
 	wtpinfo->location = (uint8_t*)"Unknown";
 
@@ -26,7 +29,7 @@ struct wtpinfo * get_wtpinfo()
 
 	}
 */
-	wtpinfo->serial_no="123456789";
+	wtpinfo->serial_no=conf_serial_no;
 	wtpinfo->vendor_id=conf_vendor_id;
 
 	wtpinfo->model_no=conf_model_no;

src/wtp/wtp_uci.default.conf

@@ -18,6 +18,10 @@ config 'wtp'
 	option ssl_cert
 	option ssl_key
 
+	# ciphers
+	# 
+	option ssl_cipher
+
 	# vendor id
 	# set the vendor id as integer value
 	# default is gnu
@@ -29,7 +33,7 @@ config 'wtp'
 
 
 config 'dbg'
-	# defbug options 
+	# debug options 
 	option dtls		0
 	option dtls_detail	0
 	option dtls_bio		0

ssl/mkcert.sh

@@ -34,7 +34,7 @@ createcert()
 		PREF="$TYPE-"
 	fi
 	$OPENSSL genrsa -out $DIR/$NAME.key $KEYSIZE
-	$OPENSSL req -sha1 -new -key $DIR/$NAME.key -out $DIR/$NAME.req   \
+	$OPENSSL req -sha256 -new -key $DIR/$NAME.key -out $DIR/$NAME.req   \
        		 -subj "$SUBJ"
 
 
@@ -74,16 +74,22 @@ fi
 if [ "$TYPE" = "cisco-ap" ]
 then
 	PREF="$2-"
-#	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
-#	SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
-
-#	SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
-	#SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
-#	SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
-#	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
-#	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
 	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-0019dbe09327/emailAddress=support@cisco.com"
-	createcert "$SUBJ"
+
+       openssl req -nodes -new -x509 \
+                -sha1 \
+                -extensions v3_ca \
+                -days 3650 \
+                -newkey rsa:2048 \
+                -keyout certs/${NAME}.key -out certs/${NAME}.crt \
+                -config openssl.cnf \
+                -x509 \
+                -subj "$SUBJ"
+
+	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
+
+
+#	createcert "$SUBJ"
 
 
 fi

ssl/openssl-crt.cnf

@@ -72,7 +72,7 @@ cert_opt 	= ca_default		# Certificate field options
 
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= sha1 #md5			# use public key default MD
+default_md	= sha256 #md5			# use public key default MD
 preserve	= no			# keep passed DN ordering
 
 # A few difference way of specifying how similar the request should look
@@ -237,6 +237,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 subjectKeyIdentifier= hash
 authorityKeyIdentifier=keyid:always,issuer:always
+authorityInfoAccess=caIssuers;URI:http://my.ca/ca.html
 
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.

ssl/openssl-int.cnf

@@ -237,6 +237,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 subjectKeyIdentifier= hash
 authorityKeyIdentifier=keyid:always,issuer:always
+authorityInfoAccess=caIssuers;URI:http://my.ca/ca.html
 
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.