static int ssl_connect(struct vconn *vconn) { struct ssl_vconn *sslv = ssl_vconn_cast(vconn); int retval; switch (sslv->state) { case STATE_TCP_CONNECTING: retval = check_connection_completion(sslv->fd); if (retval) { return retval; } sslv->state = STATE_SSL_CONNECTING; /* Fall through. */ case STATE_SSL_CONNECTING: retval = (sslv->type == CLIENT ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl)); if (retval != 1) { int error = SSL_get_error(sslv->ssl, retval); if (retval < 0 && ssl_wants_io(error)) { return EAGAIN; } else { int unused; interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect" : "SSL_accept"), retval, error, &unused); shutdown(sslv->fd, SHUT_RDWR); return EPROTO; } } else if (bootstrap_ca_cert) { return do_ca_cert_bootstrap(vconn); } else if ((SSL_get_verify_mode(sslv->ssl) & (SSL_VERIFY_NONE | SSL_VERIFY_PEER)) != SSL_VERIFY_PEER) { /* Two or more SSL connections completed at the same time while we * were in bootstrap mode. Only one of these can finish the * bootstrap successfully. The other one(s) must be rejected * because they were not verified against the bootstrapped CA * certificate. (Alternatively we could verify them against the CA * certificate, but that's more trouble than it's worth. These * connections will succeed the next time they retry, assuming that * they have a certificate against the correct CA.) */ VLOG_ERR("rejecting SSL connection during bootstrap race window"); return EPROTO; } else { return 0; } } NOT_REACHED(); }
static int unix_open(const char *name, char *suffix, struct vconn **vconnp) { const char *connect_path = suffix; char bind_path[128]; int fd; sprintf(bind_path, "/tmp/vconn-unix.%ld.%d", (long int) getpid(), n_unix_sockets++); fd = make_unix_socket(SOCK_STREAM, true, false, bind_path, connect_path); if (fd < 0) { VLOG_ERR("%s: connection to %s failed: %s", bind_path, connect_path, strerror(-fd)); return -fd; } return new_stream_vconn(name, fd, check_connection_completion(fd), 0, vconnp); }
static int unix_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp OVS_UNUSED) { char *connect_path; int fd; connect_path = abs_file_name(ovs_rundir(), suffix); fd = make_unix_socket(SOCK_STREAM, true, NULL, connect_path); if (fd < 0) { VLOG_DBG("%s: connection failed (%s)", connect_path, ovs_strerror(-fd)); free(connect_path); return -fd; } free(connect_path); return new_fd_stream(name, fd, check_connection_completion(fd), streamp); }
static int unix_open(const char *name, char *suffix, struct stream **streamp) { const char *connect_path = suffix; char *bind_path; int fd; bind_path = xasprintf("/tmp/stream-unix.%ld.%d", (long int) getpid(), n_unix_sockets++); fd = make_unix_socket(SOCK_STREAM, true, false, bind_path, connect_path); if (fd < 0) { VLOG_ERR("%s: connection to %s failed: %s", bind_path, connect_path, strerror(-fd)); free(bind_path); return -fd; } return new_fd_stream(name, fd, check_connection_completion(fd), bind_path, streamp); }
static int stream_connect(struct vconn *vconn) { struct stream_vconn *s = stream_vconn_cast(vconn); return check_connection_completion(s->fd); }
static int ssl_connect(struct stream *stream) { struct ssl_stream *sslv = ssl_stream_cast(stream); int retval; switch (sslv->state) { case STATE_TCP_CONNECTING: retval = check_connection_completion(sslv->fd); if (retval) { return retval; } sslv->state = STATE_SSL_CONNECTING; setsockopt_tcp_nodelay(sslv->fd); /* Fall through. */ case STATE_SSL_CONNECTING: /* Capture the first few bytes of received data so that we can guess * what kind of funny data we've been sent if SSL negotiation fails. */ if (sslv->n_head <= 0) { sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head, MSG_PEEK); } retval = (sslv->type == CLIENT ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl)); if (retval != 1) { int error = SSL_get_error(sslv->ssl, retval); if (retval < 0 && ssl_wants_io(error)) { return EAGAIN; } else { int unused; interpret_ssl_error((sslv->type == CLIENT ? "SSL_connect" : "SSL_accept"), retval, error, &unused); shutdown(sslv->fd, SHUT_RDWR); stream_report_content(sslv->head, sslv->n_head, STREAM_SSL, &this_module, stream_get_name(stream)); return EPROTO; } } else if (bootstrap_ca_cert) { return do_ca_cert_bootstrap(stream); } else if (verify_peer_cert && ((SSL_get_verify_mode(sslv->ssl) & (SSL_VERIFY_NONE | SSL_VERIFY_PEER)) != SSL_VERIFY_PEER)) { /* Two or more SSL connections completed at the same time while we * were in bootstrap mode. Only one of these can finish the * bootstrap successfully. The other one(s) must be rejected * because they were not verified against the bootstrapped CA * certificate. (Alternatively we could verify them against the CA * certificate, but that's more trouble than it's worth. These * connections will succeed the next time they retry, assuming that * they have a certificate against the correct CA.) */ VLOG_INFO("rejecting SSL connection during bootstrap race window"); return EPROTO; } else { return 0; } } OVS_NOT_REACHED(); }
static int fd_connect(struct stream *stream) { struct stream_fd *s = stream_fd_cast(stream); return check_connection_completion(s->fd); }