some improvements to support Cisco.

FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5
2015-03-12 22:21:57 +00:00 · 2015-03-12 22:21:57 +00:00 · 9f048da56f
parent 955ab26a81
commit 9f048da56f
21 changed files with 172 additions and 48 deletions
--- a/src/ac/wtpman.c
+++ b/src/ac/wtpman.c
@ -505,9 +505,6 @@ static int wtpman_establish_dtls(void *arg)
 	fwrite(cert.data,1,cert.size,f);
 	exit(0);
 //	dtls_get_peers_cert(cert_len,&cert_len);
 	return 1;
 }
@ -601,6 +598,7 @@ static void wtpman_run(void *arg)
 		return;
 	}
 exit(0);
 	switch (cwrmsg->type){
 		case CWMSG_CHANGE_STATE_EVENT_REQUEST:
--- a/src/capwap/Makefile
+++ b/src/capwap/Makefile
@ -126,6 +126,7 @@ CAPWAPOBJS= \
 	cw_readelem_statistics_timer.o \
 	cw_readelem_mtu_discovery_padding.o \
 	cw_readelem_vendor_specific_payload.o \
 	cw_readelem_capwap_local_ip_addr.o \
 	   cw_readelem_wtp_reboot_statistics.o\
   	   cwmsg_addelem_vendor_cisco_ap_timesync.o \
 	lw_checksum.o
--- a/src/capwap/capwap.h
+++ b/src/capwap/capwap.h
@ -38,6 +38,7 @@
 enum capwapmodes {
 	CWMODE_STD = 0,
 	CWMODE_CISCO,
 	CWMODE_CIPWAP,
 	CWMODE_ZYXEL
 };
@ -234,9 +235,17 @@ struct capwap_ctrlhdr
   WTP Radio Statistics                                 47
 */
 #define CWMSGELEM_WTP_REBOOT_STATISTICS		48
 #define CWMSGELEM_WTP_STATIC_IP_ADDRESS_INFO	49
 /*   WTP Static IP Address Information                    49
 */
 /* Cisco's CAPWAP definitions (CAPWAP draft 7)*/
 #define	CWMSGELEM_WTP_IPV4_IP_ADDR		42
 #define	CWMSGELEM_WTP_IPV6_IP_ADDR		43
 /* pseudo message elements, defined for libcapwap */
--- a/src/capwap/cw_msgelemtostr.c
+++ b/src/capwap/cw_msgelemtostr.c
@ -119,8 +119,12 @@ const char * cw_msgelemtostr(int elem)
 		case CWMSGELEM_WTP_FRAME_TUNNEL_MODE:
 			return "frame tunnel mode";
-		case CWMSGELEM_RESERVED_1:
+/*		case CWMSGELEM_RESERVED_1:
 			return "reserved (42)";
 */
 		case CWMSGELEM_WTP_IPV4_IP_ADDR:
 			return "WTP IPv4 IP address";
 /*
   Reserved                                             43
 */   
--- a/src/capwap/cw_readelem_capwap_local_ip_addr.c
+++ b/src/capwap/cw_readelem_capwap_local_ip_addr.c
@ -0,0 +1,46 @@
 #include <string.h>
 #include "capwap.h"
 int cw_readelem_capwap_local_ip_addr(struct sockaddr * local_ip, int type, uint8_t * msgelem, int len)
 {
 	switch (type){
 		case CWMSGELEM_CAPWAP_LOCAL_IPV4_ADDRESS:
 		case CWMSGELEM_WTP_IPV4_IP_ADDR:
 			{
 			if (len!=4)
 				return -1;
 			struct sockaddr_in  * sain = (struct sockaddr_in*)local_ip;
 			memset(sain,0,sizeof(struct sockaddr_in));
 			#ifdef HAVE_SIN_LEN
 				sain->sa_len=sizeof(struct sockaddr_in);
 			#endif
 			memcpy(&sain->sin_addr,msgelem,len);	
 			sain->sin_family=AF_INET;
 			return 1;
 			}
 #ifdef WITH_IPV6				
 		case CWMSGELEM_CAPWAP_LOCAL_IPV6_ADDRESS:
 		case CWMSGELEM_WTP_IPV6_IP_ADDR:
 			{
 			if (len!=16)
 				return -1;
 			struct sockaddr_in6  * sain = (struct sockaddr_in6*)local_ip;
 			memset(sain,0,sizeof(struct sockaddr_in6));
 			#ifdef HAVE_SIN6_LEN
 				sain->sa_len=sizeof(struct sockaddr_in);
 			#endif
 			memcpy(&sain->sin6_addr,msgelem,len);
 			sain->sin6_family=AF_INET6;
 			return 1;
 			}
 #endif				
 		}
 	return 0;
 }
--- a/src/capwap/cwmsg_addelem_wtp_board_data.c
+++ b/src/capwap/cwmsg_addelem_wtp_board_data.c
@ -8,12 +8,15 @@
 void cwmsg_addelem_wtp_board_data(struct cwmsg *cwmsg, struct wtpinfo *wtpinfo)
 {
-	uint8_t msg[1030];
+	uint8_t msg[512];
 	/* vendor identifier */
 	*((uint32_t *) msg) = htonl(wtpinfo->vendor_id);
 	int l;
 	int len = 4;
 	/* mandatory sub-elements */
 	if (wtpinfo->model_no) {
 		l = bstr_len(wtpinfo->model_no);
 		*((uint32_t *) (msg + len)) = htonl(CWBOARDDATA_MODELNO << 16 | l);
@ -22,12 +25,13 @@ void cwmsg_addelem_wtp_board_data(struct cwmsg *cwmsg, struct wtpinfo *wtpinfo)
 	}
 	if (wtpinfo->serial_no) {
-		l = strlen((char *) wtpinfo->serial_no);
+		l = bstr_len( wtpinfo->serial_no);
 		*((uint32_t *) (msg + len)) = htonl(CWBOARDDATA_SERIALNO << 16 | l);
-		memcpy(msg + len + 4, wtpinfo->serial_no, l);
+		memcpy(msg + len + 4, bstr_data(wtpinfo->serial_no), l);
 		len += l + 4;
 	}
 	/* other sub-elements */
 	if (wtpinfo->macaddress) {
 		*((uint32_t *) (msg + len)) =
 		    htonl(CWBOARDDATA_MACADDRESS << 16 | wtpinfo->macaddress_len);
--- a/src/capwap/cwmsg_addelem_wtp_descriptor.c
+++ b/src/capwap/cwmsg_addelem_wtp_descriptor.c
@ -2,22 +2,27 @@
 #include <string.h>
 #include "capwap.h"
 #include "bstr.h"
-static inline int wtpdesc_addsubelem(uint8_t * dst,uint8_t type,uint32_t vendorid,uint8_t * str,int len)  
+static inline int wtpdesc_addsubelem(uint8_t * dst,uint8_t type,uint32_t vendorid,uint8_t * str)  
 {
 //	printf("add subelem\n");
 	int l;
 	*((uint32_t*)(dst))=htonl(vendorid);   
 //	printf("htonl done\n");
-	if (len==-1)
+//	if (len==-1)
-		l=strlen((char*)str);
+//		l=strlen((char*)str);
-	else
+//	else
-		l=len;
+//		l=len;S
 	l = bstr_len(str);
 //	printf("strlne got %d\n",l);
 	*((uint32_t*)(dst+4))=htonl((type<<16)|l);
 //	printf("memcopy str %d\n",l);
-	memcpy(dst+8,str,l);
+	memcpy(dst+8,bstr_data(str),l);
 	return l+8;
 }
@ -31,11 +36,20 @@ void cwmsg_addelem_wtp_descriptor(struct cwmsg * cwmsg, struct wtpinfo * wtpinfo
        *(d+1)=wtpinfo->radios_in_use;
 	len=2;
 	switch (wtpinfo->capwap_mode){
 		case CWMODE_CISCO:
 			*((uint16_t*)(d+len))=0;
 			len+=2;
 			break;
 		default:
 			break;
 	}
 	/* number of encryption elemnts */
 //	*(d+len)=1;
 //	len+=1;
-	*(d+len)=0;
+//	*(d+len)=0;
-	len+=1;
+//	len+=1;
 	/* encryption elements */	
@ -52,20 +66,20 @@ void cwmsg_addelem_wtp_descriptor(struct cwmsg * cwmsg, struct wtpinfo * wtpinfo
 */
 	/* software subelem*/
 	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_SOFTWARE_VERSION,
-			wtpinfo->software_vendor_id,wtpinfo->software_version,-1);
+			wtpinfo->software_vendor_id,wtpinfo->software_version);
 	/* hardware subelem*/
-//	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
+	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
-//			wtpinfo->hardware_vendor_id,wtpinfo->hardware_version,2);
+			wtpinfo->hardware_vendor_id,wtpinfo->hardware_version);
-
+/*
-/*	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
+	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_HARDWARE_VERSION,
 			wtpinfo->hardware_vendor_id,hww,2);
 */
 	/* bootloader subelem*/
-/*	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_BOOTLOADER_VERSION,
+	len+=wtpdesc_addsubelem(d+len,CWMSGSUBELEM_WTP_DESCRIPTOR_BOOTLOADER_VERSION,
-			wtpinfo->bootloader_vendor_id,wtpinfo->bootloader_version,-1);
+			wtpinfo->bootloader_vendor_id,wtpinfo->bootloader_version);
 */
 	cwmsg_addelem(cwmsg,CWMSGELEM_WTP_DESCRIPTOR,d,len);
 }
--- a/src/capwap/cwsend_join_request.c
+++ b/src/capwap/cwsend_join_request.c
@ -42,8 +42,11 @@ int cwsend_join_request(struct conn * conn,struct radioinfo * radioinfo,struct w
 	cwmsg_addelem(&cwmsg,CWMSGELEM_WTP_MAC_TYPE,&wtpinfo->mac_type,sizeof(uint8_t));
 	cwmsg_addelem_wtp_radio_infos(&cwmsg,wtpinfo->radioinfo);
-	cwmsg_addelem(&cwmsg,CWMSGELEM_ECN_SUPPORT,&wtpinfo->ecn_support,sizeof(uint8_t));
+	if (wtpinfo->capwap_mode != CWMODE_CISCO){
-	cwmsg_addelem_cw_local_ip_addr(&cwmsg,conn);
+		cwmsg_addelem(&cwmsg,CWMSGELEM_ECN_SUPPORT,&wtpinfo->ecn_support,sizeof(uint8_t));
 		cwmsg_addelem_cw_local_ip_addr(&cwmsg,conn);
 	}
 	uint16_t l = htons(wtpinfo->max_msg_len);
 	cwmsg_addelem(&cwmsg,CWMSGELEM_MAXIMUM_MESSAGE_LENGTH,(uint8_t*)&l,sizeof(l));
--- a/src/capwap/dtls_gnutls_connect.c
+++ b/src/capwap/dtls_gnutls_connect.c
@ -8,9 +8,11 @@
 int dtls_gnutls_connect(struct conn *conn)
 {
 	struct dtls_gnutls_data * d;
-	d = dtls_gnutls_data_create(conn,GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+	d = dtls_gnutls_data_create(conn,GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
 //	gnutls_dh_set_prime_bits(d->session, 512);
 	gnutls_handshake_set_timeout(d->session,GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);	
 	int rc;	
 	do {
 		rc = gnutls_handshake(d->session);
@ -21,6 +23,14 @@ int dtls_gnutls_connect(struct conn *conn)
 		cw_log(LOG_ERR,"Can't connect: %s",gnutls_strerror(rc));
 		return 0;
 	}
 	cw_dbg(DBG_DTLS,"DTLS - Handshake successful");
 	conn->dtls_data=d;
 	conn->read = dtls_gnutls_read;
 	conn->write = dtls_gnutls_write;
 	return 1;
 }
--- a/src/capwap/dtls_openssl_bio.c
+++ b/src/capwap/dtls_openssl_bio.c
@ -121,7 +121,7 @@ long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
 		case BIO_CTRL_DGRAM_QUERY_MTU:
 			{
-				ret = 1400;
+				ret = 1300;
 				break;
 /*         	sockopt_len = sizeof(sockopt_val);
--- a/src/capwap/process_join_request.c
+++ b/src/capwap/process_join_request.c
@ -70,7 +70,7 @@ static int process_elem(void *eparm,int type,uint8_t* msgelem,int len)
 	if (wtpinfo_readelem_ecn_support(wtpinfo,type,msgelem,len))
 		goto foundX;
-	if (wtpinfo_readelem_cw_local_ip_addr(wtpinfo,type,msgelem,len)){
+	if (cw_readelem_capwap_local_ip_addr(wtpinfo,type,msgelem,len)){
 		cw_mand_elem_found(e->mand, XCWMSGELEM_CAPWAP_LOCAL_IP_ADDRESS);
 		return 1;
 	}
--- a/src/capwap/wtpinfo.h
+++ b/src/capwap/wtpinfo.h
@ -40,6 +40,10 @@ struct wtp_reboot_statistics{
 /* structure to hold info about a wtp */
 struct wtpinfo{
 	int capwap_mode;
 	uint8_t *ac_name;
 	uint8_t *name;
 	uint8_t * location;
--- a/src/wtp/conf_uci.c
+++ b/src/wtp/conf_uci.c
@ -153,6 +153,12 @@ int read_config(const char * filename){
 	if (str) 
 		conf_sslcertfilename=strdup(str);
 	str = uci_lookup_option_string(ctx,section,"ssl_cipher");
 	if (str) 
 		conf_dtls_cipher=strdup(str);
 	str = uci_lookup_option_string(ctx,section,"vendor_id");
 	if (str) 
 		conf_vendor_id=atoi(str);
@ -163,6 +169,13 @@ int read_config(const char * filename){
 		bstr_replace(&conf_software_version,s);
 	}
 	str = uci_lookup_option_string(ctx,section,"serial_no");
 	if (str){
 		uint8_t * s = bstr_create_from_cfgstr(str);
 		bstr_replace(&conf_serial_no,s);
 	}
 	str = uci_lookup_option_string(ctx,section,"model_no");
 	if (str){
 		uint8_t * s = bstr_create_from_cfgstr(str);
--- a/src/wtp/join.c
+++ b/src/wtp/join.c
@ -46,6 +46,8 @@ int join_state(struct conn * conn)
 	struct cwrmsg * cwrmsg = conn_get_message(conn);
 	printf("Received %08p\n",cwrmsg);
 //	cw_log_debug0("Received message %i",cwrmsg->seqnum);
 	if (cwrmsg->type != CWMSG_JOIN_RESPONSE || cwrmsg->seqnum != conn->seqnum){
@ -117,15 +119,12 @@ int join(struct sockaddr *sa)
 		sock_addrtostr(sa,str,100);
 		cw_log(LOG_ERR,"Can't establish DTLS connection to %s",str);
 		close(sockfd);
 exit(0);
 		return 0;
 	}
 exit(0);
 #endif	
 	cw_dbg (DBG_DTLS,"DTLS session established with %s, cipher=%s",sock_addr2str(sa),dtls_get_cipher(conn)); 
 exit(0);
 	#ifdef WITH_CW_LOG_DEBUG
--- a/src/wtp/wtp_conf.c
+++ b/src/wtp/wtp_conf.c
@ -21,6 +21,8 @@
 #include "capwap/sock.h"
 #include "capwap/cw_log.h"
 #include "capwap/bstr.h"
 char * conf_primary_if=0;
 char * conf_wtpname=0;
@ -69,7 +71,7 @@ uint32_t * conf_hardware_vendor_id;
 uint8_t * conf_hardware_version;
 uint8_t * conf_model_no;
-uint8_t * cont_serial_no;
+uint8_t * conf_serial_no;
 LONGSTRS conf_timer_cfgstrs[] = {
@ -136,9 +138,10 @@ int wtpconf_name()
 char * default_ac_list[] = {
-	"192.168.0.255",
+//	"192.168.0.255",
 	"255.255.255.255",
 //	"224.0.1.140",
 //	"192.168.0.12"
 };
 int wtpconf_ac_list()
@ -198,7 +201,8 @@ int wtpconf_preinit()
 	conf_vendor_id = CONF_DEFAULT_VENDOR_ID;
-	conf_software_version = bstr_create(CONF_DEFAULT_SOFTWARE_VERSION);
+	conf_software_version = bstr_create_from_cfgstr(CONF_DEFAULT_SOFTWARE_VERSION);
 	conf_serial_no = bstr_create_from_cfgstr(CONF_DEFAULT_SERIAL_NO);
 }
--- a/src/wtp/wtp_conf.h
+++ b/src/wtp/wtp_conf.h
@ -22,7 +22,7 @@ extern uint32_t * conf_hardware_vendor_id;
 extern uint8_t * conf_hardware_version;
 extern uint8_t * conf_model_no;
-extern uint8_t * cont_serial_no;
+extern uint8_t * conf_serial_no;
--- a/src/wtp/wtp_interface.c
+++ b/src/wtp/wtp_interface.c
@ -13,9 +13,12 @@
 struct wtpinfo * get_wtpinfo()
 {
 	struct wtpinfo * wtpinfo;
 	wtpinfo=malloc(sizeof(struct wtpinfo));
 	memset(wtpinfo,0,sizeof(struct wtpinfo));
 	wtpinfo->capwap_mode=CWMODE_CISCO;
 	wtpinfo->name = (uint8_t*)"wtp";
 	wtpinfo->location = (uint8_t*)"Unknown";
@ -26,7 +29,7 @@ struct wtpinfo * get_wtpinfo()
 	}
 */
-	wtpinfo->serial_no="123456789";
+	wtpinfo->serial_no=conf_serial_no;
 	wtpinfo->vendor_id=conf_vendor_id;
 	wtpinfo->model_no=conf_model_no;
--- a/src/wtp/wtp_uci.default.conf
+++ b/src/wtp/wtp_uci.default.conf
@ -18,6 +18,10 @@ config 'wtp'
 	option ssl_cert
 	option ssl_key
 	# ciphers
 	# 
 	option ssl_cipher
 	# vendor id
 	# set the vendor id as integer value
 	# default is gnu
@ -29,7 +33,7 @@ config 'wtp'
 config 'dbg'
-	# defbug options 
+	# debug options 
 	option dtls		0
 	option dtls_detail	0
 	option dtls_bio		0
--- a/ssl/mkcert.sh
+++ b/ssl/mkcert.sh
@ -34,7 +34,7 @@ createcert()
 		PREF="$TYPE-"
 	fi
 	$OPENSSL genrsa -out $DIR/$NAME.key $KEYSIZE
-	$OPENSSL req -sha1 -new -key $DIR/$NAME.key -out $DIR/$NAME.req   \
+	$OPENSSL req -sha256 -new -key $DIR/$NAME.key -out $DIR/$NAME.req   \
       		 -subj "$SUBJ"
@ -74,16 +74,22 @@ fi
 if [ "$TYPE" = "cisco-ap" ]
 then
 	PREF="$2-"
 #	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
 #	SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
 #	SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
 	#SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
 #	SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
 #	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
 #	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
 	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-0019dbe09327/emailAddress=support@cisco.com"
-	createcert "$SUBJ"
+
       openssl req -nodes -new -x509 \
                -sha1 \
                -extensions v3_ca \
                -days 3650 \
                -newkey rsa:2048 \
                -keyout certs/${NAME}.key -out certs/${NAME}.crt \
                -config openssl.cnf \
                -x509 \
                -subj "$SUBJ"
 	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
 #	createcert "$SUBJ"
 fi
--- a/ssl/openssl-crt.cnf
+++ b/ssl/openssl-crt.cnf
@ -72,7 +72,7 @@ cert_opt 	= ca_default		# Certificate field options
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= sha1 #md5			# use public key default MD
+default_md	= sha256 #md5			# use public key default MD
 preserve	= no			# keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@ -237,6 +237,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier= hash
 authorityKeyIdentifier=keyid:always,issuer:always
 authorityInfoAccess=caIssuers;URI:http://my.ca/ca.html
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.
--- a/ssl/openssl-int.cnf
+++ b/ssl/openssl-int.cnf
@ -237,6 +237,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectKeyIdentifier= hash
 authorityKeyIdentifier=keyid:always,issuer:always
 authorityInfoAccess=caIssuers;URI:http://my.ca/ca.html
 # This is what PKIX recommends but some broken software chokes on critical
 # extensions.