struct tcp_connection* get_cur_connection(struct sip_msg* msg)
{
struct tcp_connection* c;
if (msg->rcv.proto != PROTO_TLS) {
LM_ERR("transport protocol is not TLS (bug in config)\n");
return 0;
}
tcp_conn_get(msg->rcv.proto_reserved1, 0, 0, PROTO_NONE, &c, NULL/*fd*/);
if (c && c->type != PROTO_TLS) {
LM_ERR("connection found but is not TLS (bug in config)\n");
tcp_conn_release(c, 0);
return 0;
}
return c;
}
static int hep_tcp_send (struct socket_info* send_sock,
char *buf, unsigned int len, union sockaddr_union *to, int id)
{
struct tcp_connection *c;
int port=0;
struct ip_addr ip;
int fd, n;
if (to) {
su2ip_addr(&ip, to);
port=su_getport(to);
n = tcp_conn_get(id,&ip, port, &c, &fd);
} else if (id) {
n = tcp_conn_get(id, 0, 0, &c, &fd);
} else {
LM_CRIT("tcp_send called with null id & to\n");
return -1;
}
if (n < 0) {
/* error during conn get, return with error too */
LM_ERR("failed to aquire connection\n");
return -1;
}
/* was connection found ?? */
if (c==0) {
if (tcp_no_new_conn) {
return -1;
}
if (!to) {
LM_ERR("Unknown destination - cannot open new tcp connection\n");
return -1;
}
LM_DBG("no open tcp connection found, opening new one, async = %d\n",hep_async);
/* create tcp connection */
if (hep_async) {
n = tcpconn_async_connect(send_sock, to, buf, len, &c, &fd);
if ( n<0 ) {
LM_ERR("async TCP connect failed\n");
return -1;
}
/* connect succeded, we have a connection */
if (n==0) {
/* connect is still in progress, break the sending
* flow now (the actual write will be done when
* connect will be completed */
LM_DBG("Succesfully started async connection \n");
tcp_conn_release(c, 0);
return len;
}
/* our first connect attempt succeeded - go ahead as normal */
} else if ((c=hep_sync_connect(send_sock, to, &fd))==0) {
LM_ERR("connect failed\n");
return -1;
}
goto send_it;
}
/* now we have a connection, let's see what we can do with it */
/* BE CAREFUL now as we need to release the conn before exiting !!! */
if (fd==-1) {
/* connection is not writable because of its state - can we append
* data to it for later writting (async writting)? */
if (c->state==S_CONN_CONNECTING) {
/* the connection is currently in the process of getting
* connected - let's append our send chunk as well - just in
* case we ever manage to get through */
LM_DBG("We have acquired a TCP connection which is still "
"pending to connect - delaying write \n");
n = add_write_chunk(c,buf,len,1);
if (n < 0) {
LM_ERR("Failed to add another write chunk to %p\n",c);
/* we failed due to internal errors - put the
* connection back */
tcp_conn_release(c, 0);
return -1;
}
/* we succesfully added our write chunk - success */
tcp_conn_release(c, 0);
return len;
} else {
/* return error, nothing to do about it */
tcp_conn_release(c, 0);
return -1;
}
}
send_it:
LM_DBG("sending via fd %d...\n",fd);
n = _hep_write_on_socket(c, fd, buf, len);
tcp_conn_set_lifetime( c, tcp_con_lifetime);
LM_DBG("after write: c= %p n=%d fd=%d\n",c, n, fd);
/* LM_DBG("buf=\n%.*s\n", (int)len, buf); */
if (n<0){
LM_ERR("failed to send\n");
c->state=S_CONN_BAD;
if (c->proc_id != process_no)
close(fd);
tcp_conn_release(c, 0);
return -1;
}
/* only close the FD if not already in the context of our process
either we just connected, or main sent us the FD */
if (c->proc_id != process_no)
close(fd);
tcp_conn_release(c, (n<len)?1:0/*pending data in async mode?*/ );
return n;
}
/*! \brief Finds a tcpconn & sends on it */
static int proto_ws_send(struct socket_info* send_sock,
char* buf, unsigned int len,
union sockaddr_union* to, int id)
{
struct tcp_connection *c;
struct timeval get;
struct ip_addr ip;
int port = 0;
int fd, n;
reset_tcp_vars(tcpthreshold);
start_expire_timer(get,tcpthreshold);
if (to){
su2ip_addr(&ip, to);
port=su_getport(to);
n = tcp_conn_get(id, &ip, port, &c, &fd);
}else if (id){
n = tcp_conn_get(id, 0, 0, &c, &fd);
}else{
LM_CRIT("prot_tls_send called with null id & to\n");
get_time_difference(get,tcpthreshold,tcp_timeout_con_get);
return -1;
}
if (n<0) {
/* error during conn get, return with error too */
LM_ERR("failed to aquire connection\n");
get_time_difference(get,tcpthreshold,tcp_timeout_con_get);
return -1;
}
/* was connection found ?? */
if (c==0) {
if (tcp_no_new_conn) {
return -1;
}
LM_DBG("no open tcp connection found, opening new one\n");
/* create tcp connection */
if ((c=ws_connect(send_sock, to, &fd))==0) {
LM_ERR("connect failed\n");
return -1;
}
goto send_it;
}
get_time_difference(get, tcpthreshold, tcp_timeout_con_get);
/* now we have a connection, let's what we can do with it */
/* BE CAREFUL now as we need to release the conn before exiting !!! */
if (fd==-1) {
/* connection is not writable because of its state */
/* return error, nothing to do about it */
tcp_conn_release(c, 0);
return -1;
}
send_it:
LM_DBG("sending via fd %d...\n",fd);
n = ws_req_write(c, fd, buf, len);
stop_expire_timer(get, tcpthreshold, "WS ops",buf,(int)len,1);
tcp_conn_set_lifetime( c, tcp_con_lifetime);
LM_DBG("after write: c= %p n=%d fd=%d\n",c, n, fd);
if (n<0){
LM_ERR("failed to send\n");
c->state=S_CONN_BAD;
if (c->proc_id != process_no)
close(fd);
tcp_conn_release(c, 0);
return -1;
}
/* only close the FD if not already in the context of our process
either we just connected, or main sent us the FD */
if (c->proc_id != process_no)
close(fd);
tcp_conn_release(c, 0);
return n;
}
static int proto_tls_send(struct socket_info* send_sock,
char* buf, unsigned int len, union sockaddr_union* to, int id)
{
struct tcp_connection *c;
struct ip_addr ip;
int port;
int fd, n;
struct tls_data* data;
if (to){
su2ip_addr(&ip, to);
port=su_getport(to);
n = tcp_conn_get(id, &ip, port, PROTO_TLS, &c, &fd);
}else if (id){
n = tcp_conn_get(id, 0, 0, PROTO_NONE, &c, &fd);
}else{
LM_CRIT("prot_tls_send called with null id & to\n");
return -1;
}
if (n<0) {
/* error during conn get, return with error too */
LM_ERR("failed to acquire connection\n");
return -1;
}
/* was connection found ?? */
if (c==0) {
if (tcp_no_new_conn) {
return -1;
}
LM_DBG("no open tcp connection found, opening new one\n");
/* create tcp connection */
if ((c=tls_sync_connect(send_sock, to, &fd))==0) {
LM_ERR("connect failed\n");
return -1;
}
goto send_it;
}
/* now we have a connection, let's what we can do with it */
/* BE CAREFUL now as we need to release the conn before exiting !!! */
if (fd==-1) {
/* connection is not writable because of its state */
/* return error, nothing to do about it */
tcp_conn_release(c, 0);
return -1;
}
send_it:
/* if there is pending tracing data on a connection startet by us
* (connected) -> flush it
* As this is a write op, we look only for connected conns, not to conflict
* with accepted conns (flushed on read op) */
if ( (c->flags&F_CONN_ACCEPTED)==0 && c->proto_flags & F_TLS_TRACE_READY ) {
data = c->proto_data;
/* send the message if set from tls_mgm */
if ( data->message ) {
send_trace_message( data->message, t_dst);
data->message = NULL;
}
/* don't allow future traces for this connection */
data->tprot = 0;
data->dest = 0;
c->proto_flags &= ~( F_TLS_TRACE_READY );
}
LM_DBG("sending via fd %d...\n",fd);
lock_get(&c->write_lock);
n = tls_blocking_write(c, fd, buf, len, &tls_mgm_api);
lock_release(&c->write_lock);
tcp_conn_set_lifetime( c, tcp_con_lifetime);
LM_DBG("after write: c= %p n=%d fd=%d\n",c, n, fd);
LM_DBG("buf=\n%.*s\n", (int)len, buf);
if (n<0){
LM_ERR("failed to send\n");
c->state=S_CONN_BAD;
if (c->proc_id != process_no)
close(fd);
tcp_conn_release(c, 0);
return -1;
}
/* only close the FD if not already in the context of our process
either we just connected, or main sent us the FD */
if (c->proc_id != process_no)
close(fd);
/* mark the ID of the used connection (tracing purposes) */
last_outgoing_tcp_id = c->id;
tcp_conn_release(c, 0);
return n;
}
static int is_peer_verified(struct sip_msg* msg, char* foo, char* foo2)
{
struct tcp_connection *c;
SSL *ssl;
long ssl_verify;
X509 *x509_cert;
LM_DBG("started...\n");
if (msg->rcv.proto != PROTO_TLS) {
LM_ERR("proto != TLS --> peer can't be verified, return -1\n");
return -1;
}
LM_DBG("trying to find TCP connection of received message...\n");
/* what if we have multiple connections to the same remote socket? e.g. we can have
connection 1: localIP1:localPort1 <--> remoteIP:remotePort
connection 2: localIP2:localPort2 <--> remoteIP:remotePort
but I think the is very unrealistic */
tcp_conn_get(0, &(msg->rcv.src_ip), msg->rcv.src_port, PROTO_TLS, &c, NULL/*fd*/);
if (c==NULL) {
LM_ERR("no corresponding TLS/TCP connection found."
" This should not happen... return -1\n");
return -1;
}
LM_DBG("corresponding TLS/TCP connection found. s=%d, fd=%d, id=%d\n",
c->s, c->fd, c->id);
if (!c->extra_data) {
LM_ERR("no extra_data specified in TLS/TCP connection found."
" This should not happen... return -1\n");
goto error;
}
ssl = (SSL *) c->extra_data;
ssl_verify = SSL_get_verify_result(ssl);
if ( ssl_verify != X509_V_OK ) {
LM_WARN("verification of presented certificate failed... return -1\n");
goto error;
}
/* now, we have only valid peer certificates or peers without certificates.
* Thus we have to check for the existence of a peer certificate
*/
x509_cert = SSL_get_peer_certificate(ssl);
if ( x509_cert == NULL ) {
LM_WARN("tlsops:is_peer_verified: WARNING: peer did not presented "
"a certificate. Thus it could not be verified... return -1\n");
goto error;
}
X509_free(x509_cert);
tcp_conn_release(c, 0);
LM_DBG("tlsops:is_peer_verified: peer is successfully verified"
"...done\n");
return 1;
error:
tcp_conn_release(c, 0);
return -1;
}
/*! \brief Finds a tcpconn & sends on it */
static int proto_wss_send(struct socket_info* send_sock,
char* buf, unsigned int len,
union sockaddr_union* to, int id)
{
struct tcp_connection *c;
struct timeval get;
struct ip_addr ip;
int port = 0;
int fd, n;
struct ws_data* d;
reset_tcp_vars(tcpthreshold);
start_expire_timer(get,tcpthreshold);
if (to){
su2ip_addr(&ip, to);
port=su_getport(to);
n = tcp_conn_get(id, &ip, port, PROTO_WSS, &c, &fd);
}else if (id){
n = tcp_conn_get(id, 0, 0, PROTO_NONE, &c, &fd);
}else{
LM_CRIT("prot_tls_send called with null id & to\n");
get_time_difference(get,tcpthreshold,tcp_timeout_con_get);
return -1;
}
if (n<0) {
/* error during conn get, return with error too */
LM_ERR("failed to acquire connection\n");
get_time_difference(get,tcpthreshold,tcp_timeout_con_get);
return -1;
}
/* was connection found ?? */
if (c==0) {
if (tcp_no_new_conn) {
return -1;
}
if (!to) {
LM_ERR("Unknown destination - cannot open new tcp connection\n");
return -1;
}
LM_DBG("no open tcp connection found, opening new one\n");
/* create tcp connection */
if ((c=ws_connect(send_sock, to, &fd))==0) {
LM_ERR("connect failed\n");
return -1;
}
goto send_it;
}
get_time_difference(get, tcpthreshold, tcp_timeout_con_get);
/* now we have a connection, let's what we can do with it */
/* BE CAREFUL now as we need to release the conn before exiting !!! */
if (fd==-1) {
/* connection is not writable because of its state */
/* return error, nothing to do about it */
tcp_conn_release(c, 0);
return -1;
}
send_it:
LM_DBG("sending via fd %d...\n",fd);
n = ws_req_write(c, fd, buf, len);
stop_expire_timer(get, tcpthreshold, "WSS ops",buf,(int)len,1);
tcp_conn_set_lifetime( c, tcp_con_lifetime);
/* only here we will have all tracing data TLS + WS */
d = c->proto_data;
if ( (c->flags&F_CONN_ACCEPTED)==0 && d && d->dest && d->tprot ) {
if ( d->message ) {
send_trace_message( d->message, t_dst);
d->message = NULL;
}
/* don't allow future traces for this cnection */
d->tprot = 0;
d->dest = 0;
}
LM_DBG("after write: c= %p n=%d fd=%d\n",c, n, fd);
if (n<0){
LM_ERR("failed to send\n");
c->state=S_CONN_BAD;
if (c->proc_id != process_no)
close(fd);
tcp_conn_release(c, 0);
return -1;
}
/* only close the FD if not already in the context of our process
either we just connected, or main sent us the FD */
if (c->proc_id != process_no)
close(fd);
/* mark the ID of the used connection (tracing purposes) */
last_outgoing_tcp_id = c->id;
tcp_conn_release(c, 0);
return n;
}
