void ftpServerDataEventHandler(FtpServerContext *context,
FtpClientConnection * connection, uint_t eventFlags)
{
//Any connection attempt?
if(connection->dataState == FTP_DATA_STATE_LISTEN)
{
//Accept data connection
ftpServerAcceptDataConnection(connection);
}
//Ready to send data?
else if(connection->dataState == FTP_DATA_STATE_SEND)
{
//Send more data to the remote host
ftpServerSendData(context, connection);
}
//Any data pending in the receive buffer?
else if(connection->dataState == FTP_DATA_STATE_RECEIVE)
{
//Process incoming data
ftpServerReceiveData(context, connection);
}
//Data are transmitted and acknowledged?
else if(connection->dataState == FTP_DATA_STATE_WAIT_ACK)
{
//Disable transmission
socketShutdown(connection->dataSocket, SOCKET_SD_SEND);
//Next state
connection->dataState = FTP_DATA_STATE_SHUTDOWN_TX;
}
//Transmission is shut down?
else if(connection->dataState == FTP_DATA_STATE_SHUTDOWN_TX)
{
//Disable reception
socketShutdown(connection->dataSocket, SOCKET_SD_RECEIVE);
//Next state
connection->dataState = FTP_DATA_STATE_SHUTDOWN_RX;
}
//Reception is shut down?
else if(connection->dataState == FTP_DATA_STATE_SHUTDOWN_RX)
{
//Close the data connection
ftpServerCloseDataConnection(connection);
//Back to idle state
connection->controlState = FTP_CONTROL_STATE_IDLE;
//Transfer status
strcpy(connection->response, "226 Transfer complete\r\n");
//Debug message
TRACE_DEBUG("FTP server: %s", connection->response);
//Number of bytes in the response buffer
connection->responseLength = strlen(connection->response);
connection->responsePos = 0;
}
}
int_t shutdown(int_t s, int_t how)
{
error_t error;
Socket *socket;
//Make sure the socket descriptor is valid
if(s < 0 || s >= SOCKET_MAX_COUNT)
{
socketError(NULL, ERROR_INVALID_SOCKET);
return SOCKET_ERROR;
}
//Point to the socket structure
socket = &socketTable[s];
//Shutdown socket
error = socketShutdown(socket, how);
//Any error to report?
if(error)
{
socketError(socket, error);
return SOCKET_ERROR;
}
//Successful processing
return SOCKET_SUCCESS;
}
error_t ftpCloseFile(FtpClientContext *context)
{
error_t error;
uint_t replyCode;
//Invalid context?
if(context == NULL)
return ERROR_INVALID_PARAMETER;
//Graceful shutdown
socketShutdown(context->dataSocket, SOCKET_SD_BOTH);
//Close the data socket
socketClose(context->dataSocket);
context->dataSocket = NULL;
//Check the transfer status
error = ftpSendCommand(context, NULL, &replyCode);
//Any error to report?
if(error) return error;
//Check FTP response code
if(!FTP_REPLY_CODE_2YZ(replyCode))
return ERROR_UNEXPECTED_RESPONSE;
//Successful processing
return NO_ERROR;
}
void closeProxyConnection(struct proxyConnection *cp) {
if(!(cp->error || cp->done) && !(cp->secure_eof && cp->plain_eof))
return;
DLOG("Closing connection");
int secure_fd=cp->secure->fd;
int status=0;
if(cp->secure_up && !cp->error) {
sslWriteClosureAlert(cp->secure);
}
status=close(cp->secure->fd);
socketShutdown(cp->secure->fd);
sslFreeConnection(&cp->secure);
status=close(cp->plain);
socketShutdown(cp->plain);
memset(cp,0,sizeof(struct proxyConnection));
ILOG("Connection closed");
}
void tcpDiscardConnectionTask(void *param)
{
error_t error;
size_t n;
size_t byteCount;
systime_t startTime;
systime_t duration;
DiscardServiceContext *context;
//Get a pointer to the context
context = (DiscardServiceContext *) param;
//Get current time
startTime = osGetSystemTime();
//Total number of bytes received
byteCount = 0;
//Main loop
while(1)
{
//Throw away any received datagram...
error = socketReceive(context->socket, context->buffer, DISCARD_BUFFER_SIZE, &n, 0);
//Any error to report?
if(error) break;
//Total number of bytes received
byteCount += n;
}
//Graceful shutdown
socketShutdown(context->socket, SOCKET_SD_BOTH);
//Compute total duration
duration = osGetSystemTime() - startTime;
//Avoid division by zero...
if(!duration) duration = 1;
//Debug message
TRACE_INFO("Discard service: %" PRIuSIZE " bytes "
"received in %" PRIu32 " ms (%" PRIu32 " kBps, %" PRIu32 " kbps)\r\n",
byteCount, duration, byteCount / duration, (byteCount * 8) / duration);
//Close socket
socketClose(context->socket);
//Release previously allocated memory
osFreeMem(context);
//Kill ourselves
osDeleteTask(NULL);
}
void tcpEchoConnectionTask(void *param)
{
error_t error;
uint_t n;
uint_t writeIndex;
uint_t readIndex;
uint_t bufferLength;
uint_t rxByteCount;
uint_t txByteCount;
time_t startTime;
time_t duration;
SocketEventDesc eventDesc;
EchoServiceContext *context;
//Get a pointer to the context
context = (EchoServiceContext *) param;
//Get current time
startTime = osGetTickCount();
//Initialize variables
writeIndex = 0;
readIndex = 0;
bufferLength = 0;
rxByteCount = 0;
txByteCount = 0;
//Main loop
while(1)
{
//Buffer is empty?
if(!bufferLength)
{
//Get notified when the socket is readable
eventDesc.socket = context->socket;
eventDesc.eventMask = SOCKET_EVENT_RX_READY;
}
//Buffer is not empty of full?
else if(bufferLength < ECHO_BUFFER_SIZE)
{
//Get notified when the socket is readable or writable
eventDesc.socket = context->socket;
eventDesc.eventMask = SOCKET_EVENT_RX_READY | SOCKET_EVENT_TX_READY;
}
//Buffer is full?
else
{
//Get notified when the socket is writable
eventDesc.socket = context->socket;
eventDesc.eventMask = SOCKET_EVENT_TX_READY;
}
//Wait for an event to be fired
error = socketPoll(&eventDesc, 1, NULL, ECHO_TIMEOUT);
//Timeout error or any other exception to report?
if(error) break;
//The socket is available for reading
if(eventDesc.eventFlags & SOCKET_EVENT_RX_READY)
{
//Read as much data as possible
n = min(ECHO_BUFFER_SIZE - writeIndex, ECHO_BUFFER_SIZE - bufferLength);
//Read incoming data
error = socketReceive(context->socket, context->buffer + writeIndex, n, &n, 0);
//Any error to report?
if(error) break;
//Increment write index
writeIndex += n;
//Wrap around if necessary
if(writeIndex >= ECHO_BUFFER_SIZE)
writeIndex = 0;
//Increment buffer length
bufferLength += n;
//Total number of bytes received
rxByteCount += n;
}
//The socket is available for writing?
if(eventDesc.eventFlags & SOCKET_EVENT_TX_READY)
{
//Write as much data as possible
n = min(ECHO_BUFFER_SIZE - readIndex, bufferLength);
//Send data back to the client
error = socketSend(context->socket, context->buffer + readIndex, n, &n, 0);
//Any error to report?
if(error && error != ERROR_TIMEOUT) break;
//Increment read index
readIndex += n;
//Wrap around if necessary
if(readIndex >= ECHO_BUFFER_SIZE)
readIndex = 0;
//Update buffer length
bufferLength -= n;
//Total number of bytes sent
txByteCount += n;
}
}
//Adjust timeout value
socketSetTimeout(context->socket, ECHO_TIMEOUT);
//Graceful shutdown
socketShutdown(context->socket, SOCKET_SD_BOTH);
//Compute total duration
duration = osGetTickCount() - startTime;
//Debug message
TRACE_INFO("Echo service: %u bytes received, %u bytes sent in %lu ms\r\n",
rxByteCount, txByteCount, duration);
//Close socket
socketClose(context->socket);
//Release previously allocated memory
osMemFree(context);
//Kill ourselves
osTaskDelete(NULL);
}
int main(int argc, char **argv)
#endif
{
sslConn_t *cp;
sslKeys_t *keys;
SOCKET listenfd, fd;
WSADATA wsaData;
unsigned char buf[1024];
unsigned char *response, *c;
int responseHdrLen, acceptAgain, flags;
int bytes, status, quit, again, rc, err;
#if USE_MEM_CERTS
unsigned char *servBin, *servKeyBin, *caBin;
int servBinLen, caBinLen, servKeyBinLen;
#endif
cp = NULL;
/*
Initialize Windows sockets (no-op on other platforms)
*/
WSAStartup(MAKEWORD(1,1), &wsaData);
/*
Initialize the MatrixSSL Library, and read in the public key (certificate)
and private key.
*/
if (matrixSslOpen() < 0) {
fprintf(stderr, "matrixSslOpen failed, exiting...");
}
#if USE_MEM_CERTS
/*
Example of DER binary certs for matrixSslReadKeysMem
*/
getFileBin("certSrv.der", &servBin, &servBinLen);
getFileBin("privkeySrv.der", &servKeyBin, &servKeyBinLen);
getFileBin("CACertCln.der", &caBin, &caBinLen);
matrixSslReadKeysMem(&keys, servBin, servBinLen,
servKeyBin, servKeyBinLen, caBin, caBinLen);
free(servBin);
free(servKeyBin);
free(caBin);
#else
/*
Standard PEM files
*/
if (matrixSslReadKeys(&keys, certfile, keyfile, NULL, NULL) < 0) {
fprintf(stderr, "Error reading or parsing %s or %s.\n",
certfile, keyfile);
goto promptAndExit;
}
#endif /* USE_MEM_CERTS */
fprintf(stdout,
"Run httpsClient or type https://127.0.0.1:%d into your local Web browser.\n",
HTTPS_PORT);
/*
Create the listen socket
*/
if ((listenfd = socketListen(HTTPS_PORT, &err)) == INVALID_SOCKET) {
fprintf(stderr, "Cannot listen on port %d\n", HTTPS_PORT);
goto promptAndExit;
}
/*
Set blocking or not on the listen socket
*/
setSocketBlock(listenfd);
/*
Loop control initalization
*/
quit = 0;
again = 0;
flags = 0;
acceptAgain = 1;
/*
Main connection loop
*/
while (!quit) {
if (acceptAgain) {
/*
sslAccept creates a new server session
*/
/* TODO - deadlock on blocking socket accept. Should disable blocking here */
if ((fd = socketAccept(listenfd, &err)) == INVALID_SOCKET) {
fprintf(stdout, "Error accepting connection: %d\n", err);
continue;
}
if ((rc = sslAccept(&cp, fd, keys, NULL, flags)) != 0) {
socketShutdown(fd);
continue;
}
flags = 0;
acceptAgain = 0;
}
/*
Read response
< 0 return indicates an error.
0 return indicates an EOF or CLOSE_NOTIFY in this situation
> 0 indicates that some bytes were read. Keep reading until we see
the /r/n/r/n from the GET request. We don't actually parse the request,
we just echo it back.
*/
c = buf;
readMore:
if ((rc = sslRead(cp, c, sizeof(buf) - (int)(c - buf), &status)) > 0) {
c += rc;
if (c - buf < 4 || memcmp(c - 4, "\r\n\r\n", 4) != 0) {
goto readMore;
}
} else {
if (rc < 0) {
fprintf(stdout, "sslRead error. dropping connection.\n");
}
if (rc < 0 || status == SSLSOCKET_EOF ||
status == SSLSOCKET_CLOSE_NOTIFY) {
socketShutdown(cp->fd);
sslFreeConnection(&cp);
acceptAgain = 1;
continue;
}
goto readMore;
}
/*
Done reading. If the incoming data starts with the quitString,
quit the application after this request
*/
if (memcmp(buf, quitString, min(c - buf,
(int)strlen(quitString))) == 0) {
quit++;
fprintf(stdout, "Q");
}
/*
If the incoming data starts with the againString,
we are getting a pipeline request on the same session. Don't
close and wait for new connection in this case.
*/
if (memcmp(buf, againString,
min(c - buf, (int)strlen(againString))) == 0) {
again++;
fprintf(stdout, "A");
} else {
fprintf(stdout, "R");
again = 0;
}
/*
Copy the canned response header and decoded data from socket as the
response (reflector)
*/
responseHdrLen = (int)strlen(responseHdr);
bytes = responseHdrLen + (int)(c - buf);
response = malloc(bytes);
memcpy(response, responseHdr, responseHdrLen);
memcpy(response + responseHdrLen, buf, c - buf);
/*
Send response.
< 0 return indicates an error.
0 return indicates not all data was sent and we must retry
> 0 indicates that all requested bytes were sent
*/
writeMore:
rc = sslWrite(cp, response, bytes, &status);
if (rc < 0) {
free(response);
fprintf(stdout, "Internal sslWrite error\n");
socketShutdown(cp->fd);
sslFreeConnection(&cp);
continue;
} else if (rc == 0) {
goto writeMore;
}
free(response);
/*
If we saw an /again request, loop up and process another pipelined
HTTP request. The /again request is supported in the httpsClient
example code.
*/
if (again) {
continue;
}
/*
Send a closure alert for clean shutdown of remote SSL connection
This is for good form, some implementations just close the socket
*/
sslWriteClosureAlert(cp);
/*
Close the socket and wait for next connection (new session)
*/
socketShutdown(cp->fd);
sslFreeConnection(&cp);
acceptAgain = 1;
}
/*
Close listening socket, free remaining items
*/
if (cp && cp->ssl) {
socketShutdown(cp->fd);
sslFreeConnection(&cp);
}
socketShutdown(listenfd);
matrixSslFreeKeys(keys);
matrixSslClose();
WSACleanup();
promptAndExit:
fprintf(stdout, "\n\nPress return to exit...\n");
getchar();
return 0;
}
void tcpChargenConnectionTask(void *param)
{
error_t error;
//size_t i;
size_t n;
//size_t offset;
size_t byteCount;
systime_t startTime;
systime_t duration;
ChargenServiceContext *context;
//Get a pointer to the context
context = (ChargenServiceContext *) param;
//Get current time
startTime = osGetTickCount();
//Initialize counters
byteCount = 0;
//offset = 0;
//Once a connection is established a stream of data is sent out
//the connection (and any data received is thrown away). This
//continues until the calling user terminates the connection
while(1)
{
//Format output data
/*for(i = 0; i < CHARGEN_BUFFER_SIZE; i += 95)
{
//Calculate the length of the current line
n = min(CHARGEN_BUFFER_SIZE - i, 95);
//Copy character pattern
memcpy(context->buffer + i, pattern + offset, n);
}
//Update offset
offset += CHARGEN_BUFFER_SIZE + 95 - i;
//Wrap around if necessary
if(offset >= 95) offset = 0;*/
//Send data
error = socketSend(context->socket, context->buffer, CHARGEN_BUFFER_SIZE, &n, 0);
//Any error to report?
if(error) break;
//Total number of bytes sent
byteCount += n;
}
//Graceful shutdown
socketShutdown(context->socket, SOCKET_SD_BOTH);
//Compute total duration
duration = osGetTickCount() - startTime;
//Avoid division by zero...
if(!duration) duration = 1;
//Debug message
TRACE_INFO("Chargen service: %" PRIuSIZE " bytes "
"sent in %" PRIu32 " ms (%" PRIu32 " kBps, %" PRIu32 " kbps)\r\n",
byteCount, duration, byteCount / duration, (byteCount * 8) / duration);
//Close socket
socketClose(context->socket);
//Release previously allocated memory
osMemFree(context);
//Kill ourselves
osTaskDelete(NULL);
}
void httpConnectionTask(void *param)
{
error_t error;
uint_t counter;
HttpConnection *connection;
//Point to the structure representing the HTTP connection
connection = (HttpConnection *) param;
//Endless loop
while(1)
{
//Wait for an incoming connection attempt
osWaitForEvent(&connection->startEvent, INFINITE_DELAY);
//Initialize status code
error = NO_ERROR;
#if (HTTP_SERVER_TLS_SUPPORT == ENABLED)
//Use SSL/TLS to secure the connection?
if(connection->settings->useTls)
{
//Debug message
TRACE_INFO("Initializing SSL/TLS session...\r\n");
//Start of exception handling block
do
{
//Allocate SSL/TLS context
connection->tlsContext = tlsInit();
//Initialization failed?
if(connection->tlsContext == NULL)
{
//Report an error
error = ERROR_OUT_OF_MEMORY;
//Exit immediately
break;
}
//Select server operation mode
error = tlsSetConnectionEnd(connection->tlsContext, TLS_CONNECTION_END_SERVER);
//Any error to report?
if(error) break;
//Bind TLS to the relevant socket
error = tlsSetSocket(connection->tlsContext, connection->socket);
//Any error to report?
if(error) break;
//Invoke user-defined callback, if any
if(connection->settings->tlsInitCallback != NULL)
{
//Perform SSL/TLS related initialization
error = connection->settings->tlsInitCallback(connection, connection->tlsContext);
//Any error to report?
if(error) break;
}
//Establish a secure session
error = tlsConnect(connection->tlsContext);
//Any error to report?
if(error) break;
//End of exception handling block
} while(0);
}
else
{
//Do not use SSL/TLS
connection->tlsContext = NULL;
}
#endif
//Check status code
if(!error)
{
//Process incoming requests
for(counter = 0; counter < HTTP_SERVER_MAX_REQUESTS; counter++)
{
//Debug message
TRACE_INFO("Waiting for request...\r\n");
//Clear request header
memset(&connection->request, 0, sizeof(HttpRequest));
//Clear response header
memset(&connection->response, 0, sizeof(HttpResponse));
//Read the HTTP request header and parse its contents
error = httpReadHeader(connection);
//Any error to report?
if(error)
{
//Debug message
TRACE_INFO("No HTTP request received or parsing error...\r\n");
break;
}
#if (HTTP_SERVER_BASIC_AUTH_SUPPORT == ENABLED || HTTP_SERVER_DIGEST_AUTH_SUPPORT == ENABLED)
//No Authorization header found?
if(!connection->request.auth.found)
{
//Invoke user-defined callback, if any
if(connection->settings->authCallback != NULL)
{
//Check whether the access to the specified URI is authorized
connection->status = connection->settings->authCallback(connection,
connection->request.auth.user, connection->request.uri);
}
else
{
//Access to the specified URI is allowed
connection->status = HTTP_ACCESS_ALLOWED;
}
}
//Check access status
if(connection->status == HTTP_ACCESS_ALLOWED)
{
//Access to the specified URI is allowed
error = NO_ERROR;
}
else if(connection->status == HTTP_ACCESS_BASIC_AUTH_REQUIRED)
{
//Basic access authentication is required
connection->response.auth.mode = HTTP_AUTH_MODE_BASIC;
//Report an error
error = ERROR_AUTH_REQUIRED;
}
else if(connection->status == HTTP_ACCESS_DIGEST_AUTH_REQUIRED)
{
//Digest access authentication is required
connection->response.auth.mode = HTTP_AUTH_MODE_DIGEST;
//Report an error
error = ERROR_AUTH_REQUIRED;
}
else
{
//Access to the specified URI is denied
error = ERROR_NOT_FOUND;
}
#endif
//Debug message
TRACE_INFO("Sending HTTP response to the client...\r\n");
//Check status code
if(!error)
{
//Default HTTP header fields
connection->response.version = connection->request.version;
connection->response.noCache = FALSE;
#if (HTTP_SERVER_PERSISTENT_CONN_SUPPORT == ENABLED)
//Persistent connections are accepted
connection->response.keepAlive = connection->request.keepAlive;
#else
//Connections are not persistent by default
connection->response.keepAlive = FALSE;
#endif
#if (HTTP_SERVER_SSI_SUPPORT == ENABLED)
//Use server-side scripting to dynamically generate HTML code?
if(httpCompExtension(connection->request.uri, ".stm") ||
httpCompExtension(connection->request.uri, ".shtm") ||
httpCompExtension(connection->request.uri, ".shtml"))
{
//SSI processing (Server Side Includes)
error = ssiExecuteScript(connection, connection->request.uri, 0);
}
else
#endif
{
//Send the contents of the requested page
error = httpSendResponse(connection, connection->request.uri);
}
//The requested resource is not available?
if(error == ERROR_NOT_FOUND)
{
//Default HTTP header fields
connection->response.version = connection->request.version;
connection->response.statusCode = 200;
connection->response.keepAlive = connection->request.keepAlive;
connection->response.noCache = FALSE;
connection->response.location = NULL;
connection->response.contentType = mimeGetType(connection->request.uri);
connection->response.chunkedEncoding = TRUE;
//Invoke user-defined callback, if any
if(connection->settings->uriNotFoundCallback != NULL)
{
error = connection->settings->uriNotFoundCallback(connection,
connection->request.uri);
}
}
}
//Bad request?
if(error == ERROR_INVALID_REQUEST)
{
//Send an error 400 and close the connection immediately
httpSendErrorResponse(connection, 400,
"The request is badly formed");
}
//Authorization required?
else if(error == ERROR_AUTH_REQUIRED)
{
//Send an error 401 and keep the connection alive
error = httpSendErrorResponse(connection, 401,
"Authorization required");
}
//Page not found?
else if(error == ERROR_NOT_FOUND)
{
//Send an error 404 and keep the connection alive
error = httpSendErrorResponse(connection, 404,
"The requested page could not be found");
}
//Internal error?
if(error)
{
//Close the connection immediately
break;
}
//Check whether the connection is persistent or not
if(!connection->request.keepAlive || !connection->response.keepAlive)
{
//Close the connection immediately
break;
}
}
}
#if (HTTP_SERVER_TLS_SUPPORT == ENABLED)
//Valid SSL/TLS context?
if(connection->tlsContext != NULL)
{
//Debug message
TRACE_INFO("Closing SSL/TLS session...\r\n");
//Gracefully close SSL/TLS session
tlsShutdown(connection->tlsContext);
//Release context
tlsFree(connection->tlsContext);
}
#endif
//Debug message
TRACE_INFO("Graceful shutdown...\r\n");
//Graceful shutdown
socketShutdown(connection->socket, SOCKET_SD_BOTH);
//Debug message
TRACE_INFO("Closing socket...\r\n");
//Close socket
socketClose(connection->socket);
//Ready to serve the next connection request...
connection->running = FALSE;
//Release semaphore
osReleaseSemaphore(&connection->serverContext->semaphore);
}
}
void ftpServerControlEventHandler(FtpServerContext *context,
FtpClientConnection * connection, uint_t eventFlags)
{
error_t error;
size_t n;
//Send buffer is available for writing?
if(eventFlags == SOCKET_EVENT_TX_READY)
{
//Send data back to the client
error = socketSend(connection->controlSocket, connection->response +
connection->responsePos, connection->responseLength, &n, 0);
//Failed to send data?
if(error != NO_ERROR && error != ERROR_TIMEOUT)
{
//Close connection with the client
ftpServerCloseConnection(context, connection);
//Exit immediately
return;
}
//Advance data pointer
connection->responsePos += n;
//Number of bytes still available in the response buffer
connection->responseLength -= n;
}
//Data is pending in the receive buffer?
else if(eventFlags == SOCKET_EVENT_RX_READY)
{
//Read data from the client
error = socketReceive(connection->controlSocket,
connection->command + connection->commandLength,
FTP_SERVER_MAX_LINE_LEN - connection->commandLength, &n, 0);
//Failed to receive data?
if(error == ERROR_END_OF_STREAM)
{
//Gracefully disconnect from the remote host
connection->controlState = FTP_CONTROL_STATE_WAIT_ACK;
//Exit immediately
return;
}
else if(error)
{
//Close connection with the client
ftpServerCloseConnection(context, connection);
//Exit immediately
return;
}
//Number of bytes available in the command buffer
connection->commandLength += n;
//Process incoming command
ftpServerProcessCmd(context, connection);
}
//Data are transmitted and acknowledged?
else if(eventFlags == SOCKET_EVENT_TX_ACKED)
{
//Disable transmission
socketShutdown(connection->controlSocket, SOCKET_SD_SEND);
//Next state
connection->controlState = FTP_CONTROL_STATE_SHUTDOWN_TX;
}
//Transmission is shut down?
else if(eventFlags == SOCKET_EVENT_TX_SHUTDOWN)
{
//Disable reception
socketShutdown(connection->controlSocket, SOCKET_SD_RECEIVE);
//Next state
connection->controlState = FTP_CONTROL_STATE_SHUTDOWN_RX;
}
//Reception is shut down?
else if(eventFlags == SOCKET_EVENT_RX_SHUTDOWN)
{
//Properly close connection
ftpServerCloseConnection(context, connection);
}
}
int main(int argc, char **argv)
#endif
{
SOCKET srv_fd;
int status;
WSADATA wsaData;
// options
char *srv_host = NULL;
int srv_port = 0;
char *keyfile = NULL; //"privkeySrv.pem";
char *certfile = NULL; //"certSrv.pem";
int vlevel = 0;
char *cpos,*opos;
int tmpport;
int c;
int intarg;
#if VXWORKS
int argc;
char **argv;
parseCmdLineArgs(arg1, &argc, &argv);
#endif /* VXWORKS */
#if WINCE
int argc;
char **argv;
char args[256];
/*
* parseCmdLineArgs expects an ASCII string and CE is unicoded, so convert
* the command line. args will get hacked up, so you can't pass in a
* static string.
*/
WideCharToMultiByte(CP_ACP, 0, lpCmdLine, -1, args, 256, NULL, NULL);
/*
* Parse the command line into an argv array. This allocs memory, so
* we have to free argv when we're done.
*/
parseCmdLineArgs(args, &argc, &argv);
#endif /* WINCE */
/*
prepare
*/
#ifndef USE_FORK
memset(connections,0,MAXPROXYCOUNT*sizeof(struct proxyConnection));
#endif
/*
getopt
*/
/* Gemtek add +++ */
if(argc == 1) usage(1);
/* Gemtek add --- */
for (;;) {
c = getopt (argc, argv, "VD:P:fo:cd:r:p:A:v:h");
if (c == -1) {
break;
}
switch (c) {
case 'c':
// client mode
isClient=1;
break;
case 'd':
// daemon mode [host:]port
cpos = NULL;
tmpport = 0;
if((cpos = strchr(optarg,':'))) {
*cpos = '\0';
if(optarg && optarg[0])
srv_host = optarg;
optarg = ++cpos;
}
if(optarg && optarg[0]) {
tmpport = (int)strtol(optarg, (char **)NULL, 0);
if(tmpport) srv_port = tmpport;
}
break;
case 'r':
// remote [host:]port
cpos = NULL;
tmpport = 0;
if((cpos = strchr(optarg,':'))) {
*cpos = '\0';
if(optarg && optarg[0])
dst_host = optarg;
optarg = ++cpos;
}
if(optarg && optarg[0]) {
tmpport = (int)strtol(optarg, (char **)NULL, 0);
if(tmpport) dst_port = tmpport;
}
break;
case 'p':
// pemfile (requred in servermode)
keyfile = optarg;
break;
case 'A':
// CA file
certfile = optarg;
break;
case 'v':
// veryfication level
if(optarg && optarg[0]) {
vlevel = (int)strtol(optarg, (char **)NULL, 0);
if(vlevel == 1 ) {
cervalidator = certChecker;
}
else if(vlevel > 3 || vlevel < 0) {
fprintf(stderr,"-v takes whole numbers between 0 and 3");
exit(2);
}
}
break;
case 'P':
// create a pidfile
pidfile=optarg;
break;
case 'f':
// run in foreground.
nofork=1;
nosysl=1;
break;
case 'o':
// append logmessages to a file instead of stdout/syslog
break;
case 'O':
// socket options. TODO
break;
case 'D':
// debug level 0...7
intarg=strtol(optarg,NULL,0);
if(intarg<0 || intarg>7) {
usage(1);
}
gLogLevel=intarg;
break;
case 'V':
// version
break;
case '?':
case 'h':
usage(0);
break;
default:
usage(1);
break;
}
}
/* install handlers */
signal( SIGPIPE, SIG_IGN );
signal(SIGCHLD,sigchld_handler); /* ignore child */
signal(SIGHUP,kill_handler); /* catch hangup signal */
signal(SIGTERM,kill_handler); /* catch kill signal */
/*
Initialize Windows sockets (no-op on other platforms)
*/
WSAStartup(MAKEWORD(1,1), &wsaData);
if(!nosysl) {
openlog("matrixtunnel", LOG_PID, LOG_DAEMON);
setlogmask(LOG_UPTO(gLogLevel));
}
/*
Initialize the MatrixSSL Library, and read in the public key (certificate)
and private key.
*/
if (matrixSslOpen() < 0) {
ELOG("matrixSslOpen failed, exiting...");
exit(1);
}
/*
Standard PEM files
*/
if (matrixSslReadKeys(&keys, certfile, keyfile, NULL, NULL) < 0) {
ELOG("Error reading or parsing %s or %s, exiting...",
certfile, keyfile);
exit(1);
}
// go to background
if(!nofork) {
daemonize();
}
/*
Create the listen socket
*/
if ((srv_fd = socketListen(srv_port, &status)) == INVALID_SOCKET) {
ELOG("Cannot listen on port %d, exiting...", srv_port);
exit(1);
}
/*
Set blocking or not on the listen socket
*/
setSocketBlock(srv_fd);
/*
Main connection loop
*/
struct proxyConnection *cp=NULL;
struct proxyConnection *ncp;
fd_set rs, ws, es, cr;
int fdmax;
struct timeval tv;
int res, dontClose;
char buf[4096];
int pc, sc;
int ccount;
while (!quit) {
fdmax=srv_fd;
ncp=NULL;
FD_ZERO(&rs);
FD_ZERO(&ws);
FD_ZERO(&es);
FD_SET(srv_fd,&rs);
FD_SET(srv_fd,&ws);
FD_SET(srv_fd,&es);
ccount=0;
#ifndef USE_FORK
DLOG("next select on fds: %d ",srv_fd);
for(cp=connections;cp<&connections[MAXPROXYCOUNT];cp++) {
if (cp->done) {
closeProxyConnection(cp);
}
if (cp->secure_up) {
FD_SET(cp->secure->fd,&rs);
FD_SET(cp->secure->fd,&ws);
FD_SET(cp->secure->fd,&es);
if (fdmax < cp->secure->fd)
fdmax = cp->secure->fd;
DLOG("fd: %d",cp->secure->fd);
ccount++;
}
if (cp->plain_up) {
FD_SET(cp->plain,&rs);
FD_SET(cp->plain,&ws);
FD_SET(cp->plain,&es);
if (fdmax < cp->plain)
fdmax = cp->plain;
DLOG("fd: %d",cp->plain);
ccount++;
}
if(!ncp && !cp->inuse){
ncp=cp;
memset(ncp,0,sizeof(struct proxyConnection));
}
}
#else
struct proxyConnection ncp_s;
ncp=&ncp_s;
memset(ncp,0,sizeof(struct proxyConnection));
#endif
tv.tv_sec=10;
tv.tv_usec=0;
DLOG("main : select on %d open connections. fdmax: %d", ccount, fdmax);
res=select(fdmax+1,&rs,NULL,&es,&tv);
DLOG("select returned: %d %s", res , strerror(errno) );
if(res<0) {
perror("select");
continue;
}
if(res==0)
continue;
#ifndef USE_FORK
// handle open connections
for(cp=connections;cp<&connections[MAXPROXYCOUNT];cp++) {
if (cp->secure_up && cp->plain_up) {
if(FD_ISSET(cp->secure->fd,&es) || FD_ISSET(cp->plain,&es)) {
closeProxyConnection(cp);
continue;
}
if(secureReady(cp)) {
sc=proxyReadwrite(cp,1);
if(sc<0) {
closeProxyConnection(cp);
continue;
}
}
if(plainReady(cp)) {
pc=proxyReadwrite(cp,0);
if(pc<0) {
closeProxyConnection(cp);
continue;
}
}
}
}
#endif
// do we have new connections?
if(FD_ISSET(srv_fd,&rs)) {
proxyAccept(srv_fd,ncp);
}
}
/*
Close listening socket, free remaining items
*/
socketShutdown(srv_fd);
#ifndef USE_FORK
for(cp=connections;cp<&connections[MAXPROXYCOUNT];cp++) {
closeProxyConnection(cp);
}
#endif
if(!nosysl) {
closelog();
}
matrixSslFreeKeys(keys);
matrixSslClose();
WSACleanup();
return 0;
}
void
proxyAccept(int srv_fd, struct proxyConnection *ncp)
{
SOCKET src_fd, dst_fd;
// struct linger linger;
int status;
int res;
struct timeval tv;
int pc, sc;
int ccount=0;
ILOG("Accepting new connection.");
if ((src_fd = socketAccept(srv_fd, &status)) == INVALID_SOCKET) {
WLOG("Error accepting connection: %d", status);
return;
}
#ifdef USE_FORK
// fork here
fd_set rs, ws, es;
int fdmax;
int pid=fork();
switch(pid) {
case -1: /* error */
closesocket(ncp->plain);
closesocket(ncp->secure->fd);
break;
case 0: /* child */
#endif
ncp->inuse=1;
if (!isClient) {
DLOG("Trying to accept ssl connection");
if (sslAccept(&ncp->secure, src_fd, keys, cervalidator, 0)) {
WLOG("Error could not establish ssl connection");
socketShutdown(src_fd);
/* Gemtek add +++ */
#ifdef USE_FORK
quit=1;
#endif
/* Gemtek add --- */
return;
}
}
setSocketNonblock(src_fd);
/*
linger.l_onoff = 1;
linger.l_linger = 1;
setsockopt(src_fd, SOL_SOCKET, SO_LINGER, (char *) &linger,sizeof(linger));
*/
/* try to connect to remote end of tunnel */
DLOG("Trying to connect server %s:%d", dst_host, dst_port);
if ((dst_fd = socketConnect(dst_host, dst_port, &status)) == INVALID_SOCKET) {
WLOG("Error connecting to server %s:%d", dst_host, dst_port);
socketShutdown(src_fd);
/* Gemtek add +++ */
#ifdef USE_FORK
quit=1;
#endif
/* Gemtek add --- */
return;
}
if (isClient) {
DLOG("Trying to establish an ssl connection to server %s:%d", dst_host, dst_port);
if ((sslConnect(&ncp->secure, dst_fd, keys, ncp->sessionId, ncp->cipherSuite, cervalidator)) == INVALID_SOCKET) {
WLOG("Error connecting to ssl server %s:%d", dst_host, dst_port);
socketShutdown(src_fd);
return;
}
}
setSocketNonblock(dst_fd);
/*
linger.l_onoff = 1;
linger.l_linger = 1;
setsockopt(dst_fd, SOL_SOCKET, SO_LINGER, (char *) &linger,sizeof(linger));
*/
ncp->plain = isClient ? src_fd : dst_fd;
ncp->plain_up=1;
ncp->secure_up=1;
ILOG("Connection established. plain_fd:%d secure_fd:%d", ncp->plain, ncp->secure->fd);
// handle remaining bytes in buffer.
/*
res=proxyReadwrite(ncp,1);
if(res<0) {
ncp->error=1;
closeProxyConnection(ncp);
}
*/
// fork here
#ifdef USE_FORK
closesocket(srv_fd);
fdmax=ncp->plain > ncp->secure->fd ? ncp->plain : ncp->secure->fd;
while (!quit) {
FD_ZERO(&rs);
FD_ZERO(&ws);
FD_ZERO(&es);
FD_SET(ncp->plain,&rs);
FD_SET(ncp->plain,&ws);
FD_SET(ncp->plain,&es);
FD_SET(ncp->secure->fd,&rs);
FD_SET(ncp->secure->fd,&ws);
FD_SET(ncp->secure->fd,&es);
tv.tv_sec=10;
tv.tv_usec=0;
DLOG("select on %d open connections. fdmax: %d", ccount, fdmax);
res=select(fdmax+1,&rs,NULL,&es,&tv);
// DLOG("select returned: %d", res);
DLOG("proxyAccept->select returned: %d %s errno=%d", res , strerror(errno), errno );
if(res<0) {
perror("select");
continue;
}
/*
if(res==0)
continue;
*/
if(FD_ISSET(ncp->secure->fd,&es) || FD_ISSET(ncp->plain,&es)) {
ncp->error=1;
break;
}
sc=proxyReadwrite(ncp,1);
if(sc<0) break;
pc=proxyReadwrite(ncp,0);
if(pc<0) break;
if(ncp->done) {
quit=1;
break;
}
}
closeProxyConnection(ncp);
DLOG("done. exiting...");
exit(0);
break;
default:
closesocket(src_fd);
/* server */
break;
}
#endif
}
int main(int argc, char **argv)
#endif
{
sslSessionId_t *sessionId;
sslConn_t *conn;
sslKeys_t *keys;
WSADATA wsaData;
SOCKET fd;
short cipherSuite;
unsigned char *ip, *c, *requestBuf;
unsigned char buf[1024];
int iterations, requests, connectAgain, status;
int quit, rc, bytes, i, j, err;
time_t t0, t1;
#if REUSE
int anonStatus;
#endif
#if VXWORKS
int argc;
char **argv;
parseCmdLineArgs(arg1, &argc, &argv);
#endif /* VXWORKS */
#if WINCE
int argc;
char **argv;
char args[256];
/*
* parseCmdLineArgs expects an ASCII string and CE is unicoded, so convert
* the command line. args will get hacked up, so you can't pass in a
* static string.
*/
WideCharToMultiByte(CP_ACP, 0, lpCmdLine, -1, args, 256, NULL, NULL);
/*
* Parse the command line into an argv array. This allocs memory, so
* we have to free argv when we're done.
*/
parseCmdLineArgs(args, &argc, &argv);
#endif /* WINCE */
conn = NULL;
/*
First (optional) argument is ip address to connect to (port is hardcoded)
Second (optional) argument is number of iterations to perform
Third (optional) argument is number of keepalive HTTP requests
Fourth (optional) argument is cipher suite number to use (0 for any)
*/
ip = HTTPS_IP;
iterations = ITERATIONS;
requests = REQUESTS;
cipherSuite = 0x0000;
if (argc > 1) {
ip = argv[1];
if (argc > 2) {
iterations = atoi(argv[2]);
socketAssert(iterations > 0);
if (argc > 3) {
requests = atoi(argv[3]);
socketAssert(requests > 0);
if (argc > 4) {
cipherSuite = (short)atoi(argv[4]);
}
}
}
}
/*
Initialize Windows sockets (no-op on other platforms)
*/
WSAStartup(MAKEWORD(1,1), &wsaData);
/*
Initialize the MatrixSSL Library, and read in the certificate file
used to validate the server.
*/
if (matrixSslOpen() < 0) {
fprintf(stderr, "matrixSslOpen failed, exiting...");
}
sessionId = NULL;
if (matrixSslReadKeys(&keys, NULL, NULL, NULL, CAfile) < 0) {
goto promptAndExit;
}
/*
Intialize loop control variables
*/
quit = 0;
connectAgain = 1;
i = 1;
/*
Just reuse the requestBuf and malloc to largest possible message size
*/
requestBuf = malloc(sizeof(requestAgain));
t0 = time(0);
/*
Main ITERATIONS loop
*/
while (!quit && (i < iterations)) {
/*
sslConnect uses port and ip address to connect to SSL server.
Generates a new session
*/
if (connectAgain) {
if ((fd = socketConnect(ip, HTTPS_PORT, &err)) == INVALID_SOCKET) {
fprintf(stdout, "Error connecting to server %s:%d\n", ip, HTTPS_PORT);
matrixSslFreeKeys(keys);
goto promptAndExit;
}
if (sslConnect(&conn, fd, keys, sessionId, cipherSuite, certChecker) < 0) {
quit = 1;
socketShutdown(fd);
fprintf(stderr, "Error connecting to %s:%d\n", ip, HTTPS_PORT);
continue;
}
i++;
connectAgain = 0;
j = 1;
}
if (conn == NULL) {
quit++;
continue;
}
/*
Copy the HTTP request header into the buffer, based of whether or
not we want httpReflector to keep the socket open or not
*/
if (j == requests) {
bytes = (int)strlen(request);
memcpy(requestBuf, request, bytes);
} else {
bytes = (int)strlen(requestAgain);
memcpy(requestBuf, requestAgain, bytes);
}
/*
Send request.
< 0 return indicates an error.
0 return indicates not all data was sent and we must retry
> 0 indicates that all requested bytes were sent
*/
writeMore:
rc = sslWrite(conn, requestBuf, bytes, &status);
if (rc < 0) {
fprintf(stdout, "Internal sslWrite error\n");
socketShutdown(conn->fd);
sslFreeConnection(&conn);
continue;
} else if (rc == 0) {
goto writeMore;
}
/*
Read response
< 0 return indicates an error.
0 return indicates an EOF or CLOSE_NOTIFY in this situation
> 0 indicates that some bytes were read. Keep reading until we see
the /r/n/r/n from the response header. There may be data following
this header, but we don't try too hard to read it for this example.
*/
c = buf;
readMore:
if ((rc = sslRead(conn, c, sizeof(buf) - (int)(c - buf), &status)) > 0) {
c += rc;
if (c - buf < 4 || memcmp(c - 4, "\r\n\r\n", 4) != 0) {
goto readMore;
}
} else {
if (rc < 0) {
fprintf(stdout, "sslRead error. dropping connection.\n");
}
if (rc < 0 || status == SSLSOCKET_EOF ||
status == SSLSOCKET_CLOSE_NOTIFY) {
socketShutdown(conn->fd);
sslFreeConnection(&conn);
continue;
}
goto readMore;
}
/*
Determine if we want to do a pipelined HTTP request/response
*/
if (j++ < requests) {
fprintf(stdout, "R");
continue;
} else {
fprintf(stdout, "C");
}
/*
Reuse the session. Comment out these two lines to test the entire
public key renegotiation each iteration
*/
#if REUSE
matrixSslFreeSessionId(sessionId);
matrixSslGetSessionId(conn->ssl, &sessionId);
/*
This example shows how a user might want to limit a client to
resuming handshakes only with authenticated servers. In this
example, the client will force any non-authenticated (anonymous)
server to go through a complete handshake each time. This is
strictly an example of one policy decision an implementation
might wish to make.
*/
matrixSslGetAnonStatus(conn->ssl, &anonStatus);
if (anonStatus) {
matrixSslFreeSessionId(sessionId);
sessionId = NULL;
}
#endif
/*
Send a closure alert for clean shutdown of remote SSL connection
This is for good form, some implementations just close the socket
*/
sslWriteClosureAlert(conn);
/*
Session done. Connect again if more iterations remaining
*/
socketShutdown(conn->fd);
sslFreeConnection(&conn);
connectAgain = 1;
}
t1 = time(0);
free(requestBuf);
matrixSslFreeSessionId(sessionId);
if (conn && conn->ssl) {
socketShutdown(conn->fd);
sslFreeConnection(&conn);
}
fprintf(stdout, "\n%d connections in %d seconds (%f c/s)\n",
i, (int)(t1 - t0), (double)i / (t1 - t0));
fprintf(stdout, "\n%d requests in %d seconds (%f r/s)\n",
i * requests, (int)(t1 - t0),
(double)(i * requests) / (t1 - t0));
/*
Close listening socket, free remaining items
*/
matrixSslFreeKeys(keys);
matrixSslClose();
WSACleanup();
promptAndExit:
fprintf(stdout, "Press return to exit...\n");
getchar();
#if WINCE || VXWORKS
if (argv) {
free((void*) argv);
}
#endif /* WINCE */
return 0;
}
