work on dtls

FossilOrigin-Name: 8b02ed99e3287eaa044a4f4c6c8b61ab6f1a14983db99accb43b5be8425befe8
7u83@mail.ru 2018-04-01 23:39:08 +00:00
parent c038599910
commit fb7331173e
25 changed files with 150 additions and 103 deletions


@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<CodeLite_Workspace Name="actube" Database=""> <CodeLite_Workspace Name="actube" Database="">
<Project Name="ac" Path="ac.project" Active="Yes"/> <Project Name="ac" Path="ac.project" Active="No"/>
<Project Name="wtp" Path="wtp.project" Active="No"/> <Project Name="wtp" Path="wtp.project" Active="No"/>
<Project Name="mod_cipwap" Path="mod_cipwap.project" Active="No"/> <Project Name="mod_cipwap" Path="mod_cipwap.project" Active="No"/>
<Project Name="mod_capwap" Path="mod_capwap.project" Active="No"/> <Project Name="mod_capwap" Path="mod_capwap.project" Active="No"/>
<Project Name="mod_cisco" Path="mod_cisco.project" Active="No"/> <Project Name="mod_cisco" Path="mod_cisco.project" Active="No"/>
<Project Name="libcw" Path="libcw.project" Active="No"/> <Project Name="libcw" Path="libcw.project" Active="Yes"/>
<Project Name="mod_capwap80211" Path="mod_capwap80211.project" Active="No"/> <Project Name="mod_capwap80211" Path="mod_capwap80211.project" Active="No"/>
<Project Name="mod_fortinet" Path="mod_fortinet.project" Active="No"/> <Project Name="mod_fortinet" Path="mod_fortinet.project" Active="No"/>
<BuildMatrix> <BuildMatrix>


@ -274,6 +274,7 @@
<File Name="src/cw/cw_setup_dtls.c"/> <File Name="src/cw/cw_setup_dtls.c"/>
<File Name="src/cw/cw_ktv_replace.c"/> <File Name="src/cw/cw_ktv_replace.c"/>
<File Name="src/cw/cw_ktv_set_byte.c"/> <File Name="src/cw/cw_ktv_set_byte.c"/>
<File Name="src/cw/conn_q_wait_packet.c"/>
</VirtualDirectory> </VirtualDirectory>
</VirtualDirectory> </VirtualDirectory>
<Description/> <Description/>


@ -4,7 +4,7 @@ include ../Config.mak
# Define witch SSL library to use # Define witch SSL library to use
# OPENSSL or GNUTLS # OPENSSL or GNUTLS
# #
SSL_LIBRARY=OPENSSL SSL_LIBRARY=GNUTLS
CFLAGS += -I/usr/include/libnl3 CFLAGS += -I/usr/include/libnl3
CFLAGS += -I../contrib/uci CFLAGS += -I../contrib/uci


@ -99,5 +99,5 @@ deps:
makedepend *.c -f.depend makedepend *.c -f.depend
-include $(AC_DEPS) -include .depend


@ -532,7 +532,10 @@ void process_cw_ctrl_packet (int index, struct sockaddr *addr, uint8_t * buffer,
wtplist_lock(); wtplist_lock();
struct wtpman *wtpman = wtplist_get (addr); struct wtpman *wtpman = wtplist_get (addr);
printf("Seaching for packet %s\n",sock_addr2str(addr,sock_buf));
if (!wtpman) { if (!wtpman) {
wtpman = wtpman_create (index, addr); wtpman = wtpman_create (index, addr);
@ -592,11 +595,12 @@ void process_lw_ctrl_packet (int index, struct sockaddr *addr, uint8_t * buffer,
wtplist_lock(); wtplist_lock();
struct wtpman *wtpman = wtplist_get (addr); struct wtpman *wtpman = wtplist_get (addr);
if (!wtpman) { if (!wtpman) {
wtpman = wtpman_create (index, addr); wtpman = wtpman_create (index, addr);
if (!wtpman) { if (!wtpman) {
cw_log (LOG_ERR, "Error creating wtpman: %s", strerror (errno)); cw_log (LOG_ERR, "Error creating wtpman: %s", strerror (errno));
wtplist_unlock(); wtplist_unlock();
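Review bot: The added `printf("Seaching for packet %s\n", ...)` in process_cw_ctrl_packet runs for every received control packet, apparently while the lock taken by `wtplist_lock()` is still held, and it cannot be filtered by debug level. Control packets reach this function before any authentication, so any sender can drive unbounded stdout output and lengthen the time the list lock is held. I would route it through the existing debug macro and fix the typo: `cw_dbg(DBG_INFO, "Searching wtpman for %s", sock_addr2str(addr,sock_buf));`. `sock_buf` is declared outside the hunk, so its size could not be checked here.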


@ -7,6 +7,7 @@ ac-descriptor/stations:Word:05
ac-descriptor/station-limit:Word:6 ac-descriptor/station-limit:Word:6
ac-descriptor/active-wtps:Word:7 ac-descriptor/active-wtps:Word:7
ac-descriptor/max-wtps:Word:8 ac-descriptor/max-wtps:Word:8
ac-descriptor/security:Byte:2
ac-descriptor/software/version:Bstr16:.x090103 ac-descriptor/software/version:Bstr16:.x090103
ac-descriptor/software/vendor:Dword:.1234 ac-descriptor/software/vendor:Dword:.1234
@ -15,7 +16,7 @@ ac-descriptor/hardware/version:Bstr16:"1.7.3"
ac-name:Bstr16:"TubesAC" ac-name:Bstr16:"TubesAC"
capwap-control-ip-address/address.0:IPAddress:192.168.0.14 capwap-control-ip-address/address.0:IPAddress:192.168.0.14
capwap-control-ip-address/address.1:IPAddress:2a00:c1a0:48c6:4a00:9965:1b6e:aca3:1398 #capwap-control-ip-address/address.1:IPAddress:2a00:c1a0:48c6:4a00:9965:1b6e:aca3:1398
capwap-control-ip-address/wtps.0:Word:0 capwap-control-ip-address/wtps.0:Word:0
capwap-control-ip-address/wtps.1:Word:11 #capwap-control-ip-address/wtps.1:Word:11


@ -43,7 +43,7 @@ static struct connlist * connlist;
int wtplist_init() int wtplist_init()
{ {
connlist = connlist_create(0); connlist = connlist_create(0,0);
if (!connlist) if (!connlist)
return 0; return 0;
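Review bot: Passing `0` as the new second argument in `connlist_create(0,0)` selects `cmp_by_addr`, which in this commit calls `sock_cmpaddr(..., 0)`, so the WTP list appears to be keyed by IP address without the source port (the meaning of that last argument is inferred from the `cmpports` doc comment in connlist_create). If so, two WTPs behind one NAT address, or any other sender using the same source IP, resolve to the same `wtpman` and feed the same packet queue. If this is intended so that discovery and the later DTLS session share one entry, a comment should say so, e.g. `/* key by address only: discovery and DTLS may arrive from different source ports */`. It is also worth confirming that packets from a different source port cannot be queued into an already established session.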


@ -45,7 +45,7 @@
static void reset_echointerval_timer(struct wtpman *wtpman) static void reset_echointerval_timer(struct wtpman *wtpman)
{ {
char sock_buf[SOCK_ADDR_BUFSIZE]; /* char sock_buf[SOCK_ADDR_BUFSIZE];*/
/* uint16_t ct = mbag_get_word(wtpman->conn->local, CW_ITEM_CAPWAP_TIMERS, /* uint16_t ct = mbag_get_word(wtpman->conn->local, CW_ITEM_CAPWAP_TIMERS,
CW_MAX_DISCOVERY_INTERVAL << 8 | CW_MAX_DISCOVERY_INTERVAL << 8 |
CAPWAP_ECHO_INTERVAL); CAPWAP_ECHO_INTERVAL);
@ -66,7 +66,6 @@ static int msg_start_handler(struct conn *conn, struct cw_action_in *a, uint8_t
{ {
struct wtpman *wtpman = conn->data; struct wtpman *wtpman = conn->data;
reset_echointerval_timer(wtpman); reset_echointerval_timer(wtpman);
return 0; return 0;
} }
@ -85,38 +84,23 @@ static void wtpman_remove(struct wtpman *wtpman)
static void wtpman_run_discovery(void *arg) static void wtpman_run_discovery(void *arg)
{ {
struct wtpman *wtpman = (struct wtpman *) arg; struct wtpman *wtpman = (struct wtpman *) arg;
time_t timer = cw_timer_start(10); time_t timer = cw_timer_start(10);
wtpman->conn->capwap_state = CAPWAP_STATE_DISCOVERY; wtpman->conn->capwap_state = CAPWAP_STATE_DISCOVERY;
/*// wtpman->conn->actions = &capwap_actions;*/ wtpman->conn->remote_cfg = cw_ktv_create();
/* wtpman->conn->outgoing = mbag_create();
wtpman->conn->incomming = mbag_create();
*/
wtpman->conn->remote_cfg = cw_ktv_create(); /*//mavl_cmp_kv,NULL,1312);*/
while (!cw_timer_timeout(timer) while (!cw_timer_timeout(timer)
&& wtpman->conn->capwap_state == CAPWAP_STATE_DISCOVERY) { && wtpman->conn->capwap_state == CAPWAP_STATE_DISCOVERY) {
cw_read_messages(wtpman->conn); int rc;
rc = cw_read_messages(wtpman->conn);
if (cw_result_is_ok(rc)){
wtpman->conn->capwap_state=CAPWAP_STATE_JOIN;
}
} }
/*
// struct mbag_item *wn = mbag_get(wtpman->conn->incomming, CW_ITEM_WTP_NAME);
// if (wn) {
// printf("WTP Name: %s\n", wn->data);
// exit(0);
// }
*/
wtpman_remove(wtpman);
return; return;
} }
/* /*
@ -138,6 +122,7 @@ int xprocess_message(struct conn *conn, uint8_t * rawmsg, int rawlen,
static int wtpman_establish_dtls(void *arg) static int wtpman_establish_dtls(void *arg)
{ {
int dtls_ok;
char sock_buf[SOCK_ADDR_BUFSIZE]; char sock_buf[SOCK_ADDR_BUFSIZE];
struct wtpman *wtpman = (struct wtpman *) arg; struct wtpman *wtpman = (struct wtpman *) arg;
@ -145,7 +130,7 @@ static int wtpman_establish_dtls(void *arg)
wtpman->conn->dtls_cipher = conf_sslcipher; wtpman->conn->dtls_cipher = conf_sslcipher;
/* setup DTSL certificates */ /* setup DTSL certificates */
int dtls_ok = 0; dtls_ok = 0;
if (conf_sslkeyfilename && conf_sslcertfilename) { if (conf_sslkeyfilename && conf_sslcertfilename) {
@ -186,6 +171,7 @@ static int wtpman_establish_dtls(void *arg)
static int wtpman_join(void *arg, time_t timer) static int wtpman_join(void *arg, time_t timer)
{ {
int rc;
char sock_buf[SOCK_ADDR_BUFSIZE]; char sock_buf[SOCK_ADDR_BUFSIZE];
struct wtpman *wtpman = (struct wtpman *) arg; struct wtpman *wtpman = (struct wtpman *) arg;
struct conn *conn = wtpman->conn; struct conn *conn = wtpman->conn;
@ -210,7 +196,7 @@ static int wtpman_join(void *arg, time_t timer)
cw_dbg(DBG_INFO, "Join State - %s", sock_addr2str(&conn->addr,sock_buf)); cw_dbg(DBG_INFO, "Join State - %s", sock_addr2str(&conn->addr,sock_buf));
int rc;
while (!cw_timer_timeout(timer) && wtpman->conn->capwap_state == CAPWAP_STATE_JOIN) { while (!cw_timer_timeout(timer) && wtpman->conn->capwap_state == CAPWAP_STATE_JOIN) {
rc = cw_read_messages(wtpman->conn); rc = cw_read_messages(wtpman->conn);
if (rc < 0) { if (rc < 0) {
@ -301,7 +287,7 @@ void wtpman_run_data(void *wtpman_arg)
{ {
return; return;
/*
struct wtpman *wtpman = (struct wtpman *) wtpman_arg; struct wtpman *wtpman = (struct wtpman *) wtpman_arg;
struct conn *conn = wtpman->conn; struct conn *conn = wtpman->conn;
@ -312,10 +298,10 @@ void wtpman_run_data(void *wtpman_arg)
cw_log(LOG_ERR, "I am the data thread**********************************************************************\n"); cw_log(LOG_ERR, "I am the data thread**********************************************************************\n");
while (1) { while (1) {
sleep(5); sleep(5);
/*// conn->write_data(conn, data, 100);*/ / // conn->write_data(conn, data, 100); /
cw_log(LOG_ERR, "O was the data thread***********************************************************\n"); cw_log(LOG_ERR, "O was the data thread***********************************************************\n");
} }
*/
} }
@ -324,33 +310,59 @@ void wtpman_run_data(void *wtpman_arg)
static void wtpman_run(void *arg) static void wtpman_run(void *arg)
{ {
int rc ;
time_t timer;
char sock_buf[SOCK_ADDR_BUFSIZE]; char sock_buf[SOCK_ADDR_BUFSIZE];
struct conn *conn;
struct wtpman *wtpman = (struct wtpman *) arg; struct wtpman *wtpman = (struct wtpman *) arg;
wtpman->conn->seqnum = 0; wtpman->conn->seqnum = 0;
struct conn *conn = wtpman->conn; conn = wtpman->conn;
/* We were invoked with an unencrypted packet,
* so assume, it is a discovery request */
if (!wtpman->dtlsmode){
wtpman_run_discovery(arg);
if (conn->capwap_state==CAPWAP_STATE_DISCOVERY){
wtpman_remove(wtpman);
return;
}
}
/* reject connections to our multi- or broadcast sockets */ /* reject connections to our multi- or broadcast sockets */
/* if (socklist[wtpman->socklistindex].type != SOCKLIST_UNICAST_SOCKET) { if (socklist[wtpman->socklistindex].type != SOCKLIST_UNICAST_SOCKET) {
cw_dbg(DBG_DTLS, "Dropping connection from %s to non-unicast socket.", cw_dbg(DBG_DTLS,"Reject multi");
/* cw_dbg(DBG_DTLS, "Dropping connection from %s to non-unicast socket.",
CLIENT_IP); CLIENT_IP);
*/ wtpman_remove(wtpman);
return;
}
cw_dbg(DBG_INFO,"Wait for next packedt");
/* wait for next packet */
rc = conn_q_wait_packet(conn,30);
if (rc != 0){
cw_dbg(DBG_INFO,"Wait for next packedt no next remove");
wtpman_remove(wtpman); wtpman_remove(wtpman);
return; return;
} }
*/
time_t timer = cw_timer_start(wtpman->conn->wait_dtls);
timer = cw_timer_start(wtpman->conn->wait_dtls);
cw_dbg(DBG_INFO,"Establish DTSL Timer done");
/* establish dtls session */ /* establish dtls session */
/* if (!wtpman_establish_dtls(wtpman)) { if (!wtpman_establish_dtls(wtpman)) {
wtpman_remove(wtpman); wtpman_remove(wtpman);
return; return;
} }
*/ cw_dbg(DBG_INFO,"Establish DTSL Timer xxx");
/* dtls is established, goto join state */ /* dtls is established, goto join state */
if (!wtpman_join(wtpman, timer)) { if (!wtpman_join(wtpman, timer)) {
@ -378,7 +390,7 @@ static void wtpman_run(void *arg)
or an configuration status request. Nothing else. or an configuration status request. Nothing else.
*/ */
int rc = 0; rc = 0;
while (!cw_timer_timeout(timer) while (!cw_timer_timeout(timer)
&& wtpman->conn->capwap_state == CW_STATE_CONFIGURE) { && wtpman->conn->capwap_state == CW_STATE_CONFIGURE) {
rc = cw_read_messages(wtpman->conn); rc = cw_read_messages(wtpman->conn);
@ -542,6 +554,7 @@ void wtpman_destroy(struct wtpman *wtpman)
struct wtpman *wtpman_create(int socklistindex, struct sockaddr *srcaddr) struct wtpman *wtpman_create(int socklistindex, struct sockaddr *srcaddr)
{ {
int sockfd, replyfd;;
char sock_buf[SOCK_ADDR_BUFSIZE]; char sock_buf[SOCK_ADDR_BUFSIZE];
struct wtpman *wtpman; struct wtpman *wtpman;
wtpman = malloc(sizeof(struct wtpman)); wtpman = malloc(sizeof(struct wtpman));
@ -550,7 +563,7 @@ struct wtpman *wtpman_create(int socklistindex, struct sockaddr *srcaddr)
memset(wtpman, 0, sizeof(struct wtpman)); memset(wtpman, 0, sizeof(struct wtpman));
int replyfd;
if (socklist[socklistindex].type != SOCKLIST_UNICAST_SOCKET) { if (socklist[socklistindex].type != SOCKLIST_UNICAST_SOCKET) {
int port = sock_getport(&socklist[socklistindex].addr); int port = sock_getport(&socklist[socklistindex].addr);
@ -566,7 +579,7 @@ struct wtpman *wtpman_create(int socklistindex, struct sockaddr *srcaddr)
replyfd = socklist[socklistindex].sockfd; replyfd = socklist[socklistindex].sockfd;
} }
int sockfd = replyfd; /*//socklist[socklistindex].reply_sockfd; sockfd = replyfd; /*//socklist[socklistindex].reply_sockfd;
*/ */
struct sockaddr dbgaddr; struct sockaddr dbgaddr;
@ -625,41 +638,14 @@ void wtpman_addpacket(struct wtpman *wtpman, uint8_t * packet, int len)
conn_q_add_packet(wtpman->conn, packet, len); conn_q_add_packet(wtpman->conn, packet, len);
} }
void wtpman_start(struct wtpman *wtpman, int dtlsmode) void wtpman_start(struct wtpman *wtpman, int dtlsmode)
{ {
cw_dbg(DBG_INFO, "Starting wtpman, DTLS mode = %d",dtlsmode);
wtpman->dtlsmode=dtlsmode;
pthread_create(&wtpman->thread, NULL, (void *) wtpman_run, pthread_create(&wtpman->thread, NULL, (void *) wtpman_run,
(void *) wtpman); (void *) wtpman);
return; return;
}
/*
if (dtlsmode) {
cw_dbg(DBG_INFO, "Starting wtpman in DTLS mode");
pthread_create(&wtpman->thread, NULL, (void *) wtpman_run_dtls,
(void *) wtpman);
} else {
cw_dbg(DBG_INFO, "Starting wtpman in non-dtls mode");
if (nodtls) {
wtpman->conn->process_message = xprocess_message;
pthread_create(&wtpman->thread, NULL, (void *) wtpman_run,
(void *) wtpman);
return;
}
pthread_create(&wtpman->thread, NULL, (void *) wtpman_run_discovery,
(void *) wtpman);
}
*/
}
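Review bot: In the wtpman_run hunk, a single unencrypted packet now keeps the thread and its wtpman alive well past discovery: once `wtpman_run_discovery` sets `CAPWAP_STATE_JOIN`, the thread blocks in `conn_q_wait_packet(conn,30)` and then runs against the `wait_dtls` timer, all before anything has been authenticated. Since a wtpman and its thread are apparently created per new source address, senders that never follow up with a handshake each hold a thread for 30 seconds or more. I would make the 30 a named, configurable value and cap the number of pre-DTLS wtpman entries; the `pthread_create` result in `wtpman_start` is also unchecked, so a failure under that load would be silent. The debug strings `"Wait for next packedt"` and `"Establish DTSL Timer xxx"` look like leftovers.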


@ -26,6 +26,7 @@ struct wtpman{
int socklistindex; int socklistindex;
int connected; int connected;
int dtlsmode;
cw_timer_t echointerval_timer; cw_timer_t echointerval_timer;


@ -224,6 +224,7 @@ MISCSRC=\
conn_process_packet.c\ conn_process_packet.c\
conn_q_add_packet.c\ conn_q_add_packet.c\
conn_q_get_packet.c\ conn_q_get_packet.c\
conn_q_wait_packet.c\
conn_q_recv_packet.c\ conn_q_recv_packet.c\
conn_recv_packet.c\ conn_recv_packet.c\
conn_send_data_packet.c\ conn_send_data_packet.c\


@ -298,6 +298,7 @@ struct cwrmsg *conn_wait_for_message(struct conn *conn, time_t timer);
struct cwrmsg *conn_wait_for_request(struct conn *conn, int *msglist, time_t timer); struct cwrmsg *conn_wait_for_request(struct conn *conn, int *msglist, time_t timer);
int conn_q_wait_packet(struct conn * conn, int seconds);
#define conn_is_error(conn) (conn->dtls_error) #define conn_is_error(conn) (conn->dtls_error)


@ -0,0 +1,20 @@
#include <errno.h>
#include <time.h>
#include "conn.h"
int conn_q_wait_packet(struct conn * conn, int seconds)
{
struct timespec timespec;
clock_gettime(CLOCK_REALTIME,&timespec);
timespec.tv_sec+=seconds;
/* wait one second to get a packet */
if (sem_timedwait(&conn->q_sem,&timespec)==-1){
return EAGAIN;
};
return 0;
}
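Review bot: `sem_timedwait(&conn->q_sem, ...)` in conn_q_wait_packet does not only wait, it also decrements `q_sem` on success, so the packet that woke the caller is no longer counted by the semaphore. If the dequeue functions also wait on `q_sem` (they are not shown here), the first DTLS packet would stay queued until another one arrives; a `sem_post(&conn->q_sem);` before `return 0;` would hand the count back. Every failure, including `EINTR`, is reported as `EAGAIN`, and the comment says "wait one second" although the wait lasts `seconds`. The file calls `sem_timedwait` without including `<semaphore.h>` itself, so it relies on `conn.h` for the declaration.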


@ -35,16 +35,24 @@
#include "sock.h" #include "sock.h"
#include "dbg.h"
static int cmp_by_addr_p ( const void * d1, const void *d2 )
{
struct conn * c1 = * ( void ** ) d1 ;
struct conn * c2 = * ( void ** ) d2 ;
return sock_cmpaddr ( ( struct sockaddr* ) &c1->addr, ( struct sockaddr* ) &c2->addr, 1 );
}
static int cmp_by_addr ( const void * d1, const void *d2 ) static int cmp_by_addr ( const void * d1, const void *d2 )
{ {
struct conn * c1 = * ( void ** ) d1 ; struct conn * c1 = * ( void ** ) d1 ;
struct conn * c2 = * ( void ** ) d2 ; struct conn * c2 = * ( void ** ) d2 ;
return sock_cmpaddr ( ( struct sockaddr* ) &c1->addr, ( struct sockaddr* ) &c2->addr, 0 );
return sock_cmpaddr ( ( struct sockaddr* ) &c1->addr, ( struct sockaddr* ) &c2->addr, 1 );
} }
static int cmp_by_session_id ( const void *d1, const void *d2 ) static int cmp_by_session_id ( const void *d1, const void *d2 )
{ {
struct conn * c1 = *( void ** ) d1; struct conn * c1 = *( void ** ) d1;
@ -52,7 +60,13 @@ static int cmp_by_session_id ( const void *d1, const void *d2 )
return memcmp ( c1->session_id, c2->session_id, 16 ); return memcmp ( c1->session_id, c2->session_id, 16 );
} }
struct connlist * connlist_create ( int len ) /**
* @brief Create a connection list
* @param len initial length
* @param cmpports compare ports
* @return the create connection list or NULL if an error has occured.
*/
struct connlist * connlist_create ( int len, int cmpports )
{ {
struct connlist * cl = malloc ( sizeof ( struct connlist ) ); struct connlist * cl = malloc ( sizeof ( struct connlist ) );
@ -60,8 +74,12 @@ struct connlist * connlist_create ( int len )
if ( !cl ) if ( !cl )
return 0; return 0;
if (cmpports){
cl->by_addr = mavl_create_ptr ( cmp_by_addr, NULL ); cl->by_addr = mavl_create_ptr ( cmp_by_addr_p, NULL );
}
else{
cl->by_addr = mavl_create_ptr ( cmp_by_addr, NULL );
}
if ( !cl->by_addr ) { if ( !cl->by_addr ) {
free ( cl ); free ( cl );


@ -18,7 +18,7 @@ struct connlist {
}; };
struct connlist *connlist_create(int len); struct connlist *connlist_create(int len, int cmpports);
void connlist_lock(struct connlist *cl); void connlist_lock(struct connlist *cl);
void connlist_unlock(struct connlist *cl); void connlist_unlock(struct connlist *cl);
void conlist_destroy(struct connlist *cl); void conlist_destroy(struct connlist *cl);


@ -32,15 +32,15 @@
#define dtls_shutdown dtls_gnutls_shutdown #define dtls_shutdown dtls_gnutls_shutdown
#define dtls_get_cipher dtls_gnutls_get_cipher #define dtls_get_cipher dtls_gnutls_get_cipher
#define dtls_get_peers_cert dtls_gnutls_get_peers_cert #define dtls_get_peers_cert dtls_gnutls_get_peers_cert
#endif
#else #ifdef WITH_OPENSSL
#include "dtls_openssl.h" #include "dtls_openssl.h"
#define dtls_init dtls_openssl_init #define dtls_init dtls_openssl_init
#define dtls_accept dtls_openssl_accept #define dtls_accept dtls_openssl_accept
#define dtls_connect dtls_openssl_connect #define dtls_connect dtls_openssl_connect
#define dtls_shutdown dtls_openssl_shutdown #define dtls_shutdown dtls_openssl_shutdown
#define dtls_get_cipher dtls_openssl_get_cipher #define dtls_get_cipher dtls_openssl_get_cipher
#endif #endif
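Review bot: With `#else` replaced by a separate `#ifdef WITH_OPENSSL`, a build that defines neither library macro leaves `dtls_init`, `dtls_accept` and the other names undefined, and the mistake only surfaces later as implicit declarations or link errors. A guard after the OpenSSL block makes the misconfiguration explicit: `#ifndef dtls_init` / `#error "no DTLS library selected"` / `#endif`. The opening guard of the GnuTLS block lies above the hunk, so this assumes it is a plain `#ifdef` as well.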


@ -27,7 +27,7 @@
#include "log.h" #include "log.h"
#include "dbg.h" #include "dbg.h"
#include "dtls.h" /*#include "dtls.h"*/
/** /**


@ -38,6 +38,7 @@
int dtls_gnutls_accept(struct conn *conn) int dtls_gnutls_accept(struct conn *conn)
{ {
char sock_buf[SOCK_ADDR_BUFSIZE]; char sock_buf[SOCK_ADDR_BUFSIZE];
char cookie_buf[SOCK_ADDR_BUFSIZE];
struct dtls_gnutls_data *d; struct dtls_gnutls_data *d;
uint8_t buffer[2048]; uint8_t buffer[2048];
int tlen, rc; int tlen, rc;
@ -48,14 +49,13 @@ int dtls_gnutls_accept(struct conn *conn)
gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE); gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
cw_dbg(DBG_DTLS, "Session cookie for %s generated: %s", cw_dbg(DBG_DTLS, "Session cookie for %s generated: %s",
sock_addr2str(&conn->addr,sock_buf), sock_hwaddrtostr((uint8_t *) (&cookie_key), sock_addr2str(&conn->addr,sock_buf),
sizeof(cookie_key),sock_buf,"")); sock_hwaddrtostr((uint8_t *) (&cookie_key),
sizeof(cookie_key),cookie_buf,""));
memset(&prestate, 0, sizeof(prestate)); memset(&prestate, 0, sizeof(prestate));
tlen = dtls_gnutls_bio_read(conn, buffer, sizeof(buffer)); tlen = dtls_gnutls_bio_read(conn, buffer, sizeof(buffer));
gnutls_dtls_cookie_send(&cookie_key, &conn->addr, sizeof(conn->addr), gnutls_dtls_cookie_send(&cookie_key, &conn->addr, sizeof(conn->addr),
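Review bot: The debug line in dtls_gnutls_accept still writes cookie key bytes to the log, and the new `cookie_buf` is sized `SOCK_ADDR_BUFSIZE`, a size chosen for address strings rather than for a hex dump. The cookie key is the secret that lets the server verify a client really owns its source address, so it should not appear in logs at any debug level; `cw_dbg(DBG_DTLS, "Session cookie key generated for %s", sock_addr2str(&conn->addr,sock_buf));` keeps the trace without the secret. If `cookie_key` is a `gnutls_datum_t` (its declaration is outside the hunk), `sizeof(cookie_key)` covers the descriptor and not the key, so the current output would be the pointer and length fields. The results of `gnutls_key_generate` and `dtls_gnutls_bio_read` are not checked in the visible lines.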


@ -28,7 +28,7 @@
#include <gnutls/gnutls.h> #include <gnutls/gnutls.h>
#include "dtls.h" #include "dtls_common.h"
#include "dtls_gnutls.h" #include "dtls_gnutls.h"
#include "capwap.h" #include "capwap.h"
#include "timer.h" #include "timer.h"


@ -24,7 +24,7 @@
#include "gnutls/dtls.h" #include "gnutls/dtls.h"
#include "dtls.h" #include "dtls_common.h"
#include "dtls_gnutls.h" #include "dtls_gnutls.h"
#include "conn.h" #include "conn.h"


@ -4,7 +4,8 @@
#include "conn.h" #include "conn.h"
#include "dtls.h" /*#include "dtls.h"*/
#include "dtls_common.h"
#include "dtls_gnutls.h" #include "dtls_gnutls.h"
struct dtls_ssl_cert dtls_gnutls_get_peers_cert(struct conn * conn,unsigned int n) struct dtls_ssl_cert dtls_gnutls_get_peers_cert(struct conn * conn,unsigned int n)


@ -25,7 +25,7 @@
#include <errno.h> #include <errno.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include "dtls_openssl.h" #include "dtls_openssl.h"
#include "dtls.h" #include "dtls_common.h"
#include <openssl/bio.h> #include <openssl/bio.h>


@ -24,7 +24,9 @@ static int put_ac_status(mavl_t global, mavl_t local, uint8_t *dst, const char *
d += cw_put_word(d,cw_ktv_get_word(global,"ac-descriptor/station-limit",0)); d += cw_put_word(d,cw_ktv_get_word(global,"ac-descriptor/station-limit",0));
d += cw_put_word(d,cw_ktv_get_word(global,"ac-descriptor/active-wtps",0)); d += cw_put_word(d,cw_ktv_get_word(global,"ac-descriptor/active-wtps",0));
d += cw_put_word(d,cw_ktv_get_word(global,"ac-descriptor/max-wtps",0)); d += cw_put_word(d,cw_ktv_get_word(global,"ac-descriptor/max-wtps",0));
d += cw_put_byte(d,cw_ktv_get_byte(global,"ac-descriptor/security",0));
/*
security = 0; security = 0;
if (cw_ktv_get(local,"dtls-cert-file",CW_TYPE_BSTR16)) if (cw_ktv_get(local,"dtls-cert-file",CW_TYPE_BSTR16))
security |= CAPWAP_FLAG_AC_SECURITY_X; security |= CAPWAP_FLAG_AC_SECURITY_X;
@ -36,7 +38,7 @@ static int put_ac_status(mavl_t global, mavl_t local, uint8_t *dst, const char *
cw_log(LOG_WARNING,"No AC security selected"); cw_log(LOG_WARNING,"No AC security selected");
} }
d += cw_put_byte(dst,security); d += cw_put_byte(dst,security);
*/
sprintf(key,"%s/%s",parent_key,CW_SKEY_RMAC_FIELD); sprintf(key,"%s/%s",parent_key,CW_SKEY_RMAC_FIELD);
d += cw_put_byte(d,cw_ktv_get_byte(local,key,0)); d += cw_put_byte(d,cw_ktv_get_byte(local,key,0));
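Review bot: The security byte put_ac_status sends in the AC descriptor now comes straight from the `ac-descriptor/security` config key, and the block that derived it from `dtls-cert-file` (and, presumably, the other credential keys in the elided lines) is commented out together with its `"No AC security selected"` warning. The AC can therefore advertise a mode for which no credential is loaded, or advertise 0 when the key is missing, and neither case is logged. I would keep a check that warns when the configured bits do not match the credentials found in `local`, and delete the dead block instead of commenting it out. The `sprintf(key,"%s/%s",...)` just below is unbounded; the declaration of `key` is not visible in this hunk, so `snprintf` with its size would be the safer form if it is an array.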


@ -4,6 +4,8 @@
capwap/ssl-certfile:Str:"../../ssl/certs/wtp.crt" capwap/ssl-certfile:Str:"../../ssl/certs/wtp.crt"
capwap/ssl-keyfile:Str:"../../ssl/certs/wtp.key" capwap/ssl-keyfile:Str:"../../ssl/certs/wtp.key"
capwap/ssl-cipher:Str:ALL
cisco/ssl-certfile:Str:"../../ssl/certs/wtp.crt" cisco/ssl-certfile:Str:"../../ssl/certs/wtp.crt"
cisco/ssl-keyfile:Str:"../../ssl/certs/wtp.key" cisco/ssl-keyfile:Str:"../../ssl/certs/wtp.key"
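Review bot: `capwap/ssl-cipher:Str:ALL` asks the DTLS library for every cipher suite it offers; in OpenSSL's cipher-list syntax `ALL` excludes only the NULL-encryption suites, so anonymous and legacy suites are admitted if the library was built with them. A restrictive default that names the suites a deployment needs would be safer for a sample configuration. A Makefile in this commit also switches `SSL_LIBRARY` to GNUTLS, and a cipher string written for one library may not be valid for the other, so the expected syntax should be stated next to the key. How the value is parsed is not visible on this page.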


@ -105,9 +105,14 @@ int run_join_d(struct conn * conn, struct sockaddr *sa)
int sockfd; int sockfd;
int rsec,lsec; int rsec,lsec;
int rc;
printf("JOINFD: %s\n",sock_addr2str_p(sa,addrstr));
lsec = cw_ktv_get_byte(conn->local_cfg,"ac-descriptor/security",0); lsec = cw_ktv_get_byte(conn->local_cfg,"ac-descriptor/security",0);
rsec = cw_ktv_get_byte(conn->remote_cfg,"ac-descriptor/security",0); rsec = cw_ktv_get_byte(conn->remote_cfg,"ac-descriptor/security",0);
printf("Anding my and remote %d %d %d\n",lsec,rsec, rsec & lsec);
if ((lsec & rsec) == 0){ if ((lsec & rsec) == 0){
cw_log(LOG_ERR, "Can't establish DTLS with AC, my sec: %d, remote sec %d",lsec,rsec); cw_log(LOG_ERR, "Can't establish DTLS with AC, my sec: %d, remote sec %d",lsec,rsec);
@ -132,10 +137,10 @@ int run_join_d(struct conn * conn, struct sockaddr *sa)
/* we call connect to bind this socket to a local IP address, /* we call connect to bind this socket to a local IP address,
* which we can later obtain by getsockname */ * which we can later obtain by getsockname */
/* rc = connect(sockfd, (struct sockaddr *) sa, rc = connect(sockfd, (struct sockaddr *) sa,
sock_addrlen((struct sockaddr *) sa)); sock_addrlen((struct sockaddr *) sa));
if (rc < 0) { /* if (rc < 0) {
cw_log(LOG_ERR, "Can't connect to %s: %s\n", sock_addr2str(sa), cw_log(LOG_ERR, "Can't connect to %s: %s\n", sock_addr2str(sa),
strerror(errno)); strerror(errno));
close(sockfd); close(sockfd);
@ -169,6 +174,9 @@ int run_join_d(struct conn * conn, struct sockaddr *sa)
close(sockfd); close(sockfd);
return 0; return 0;
} }
*/
rc = dtls_connect(conn); rc = dtls_connect(conn);
@ -185,7 +193,7 @@ int run_join_d(struct conn * conn, struct sockaddr *sa)
sock_addr2str(sa,addrstr)); sock_addr2str(sa,addrstr));
*/
return 1; return 1;
} }
@ -267,6 +275,7 @@ int join(struct conn * conn, struct cw_DiscoveryResult * dis)
*/ */
sock_strtoaddr(ipstr,(struct sockaddr*)(&sockaddr)); sock_strtoaddr(ipstr,(struct sockaddr*)(&sockaddr));
sock_setport((struct sockaddr*)&sockaddr,5246);
run_join_d(conn,(struct sockaddr*)(&sockaddr)); run_join_d(conn,(struct sockaddr*)(&sockaddr));
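Review bot: `connect()` is active again in run_join_d, but the `if (rc < 0)` branch that follows it is still inside the comment, so `rc` is overwritten by `dtls_connect(conn)` without ever being examined. A failed connect then goes unreported and the handshake is attempted anyway. I would move the comment opener below the error branch so that it logs, closes `sockfd` and returns 0 as before; the commented code calls `sock_addr2str(sa)` with one argument, so it needs `addrstr` added to compile. The two new `printf` calls should go through `cw_dbg`, and `5246` in join() would read better as a named constant.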
} }


@ -11,7 +11,7 @@
#include "cw/msgset.h" #include "cw/msgset.h"
#include "cw/cw.h" #include "cw/cw.h"
#include "cw/dtls.h"
#include "wtp.h" #include "wtp.h"
#define MAX_MODS 32 #define MAX_MODS 32
@ -161,7 +161,7 @@ int main (int argc, char **argv)
/*cw_dbg_ktv_dump(conn->local_cfg,DBG_INFO,"head","BREP: ","bot");*/ /*cw_dbg_ktv_dump(conn->local_cfg,DBG_INFO,"head","BREP: ","bot");*/
dtls_init();
cw_discovery_init_results(&dis); cw_discovery_init_results(&dis);