sr-dev

sr-dev@lists.kamailio.org

44307 discussions

git:andrei/tcp_tls_changes: tls: update & fix repeated send & delayed send

by Andrei Pelinescu-Onciul

Module: sip-router Branch: andrei/tcp_tls_changes Commit: c8f4204eab1f2ade5f27c8fe1b28dbf3c9d5e084 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c8f4204… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Wed Jun 23 23:31:57 2010 +0200 tls: update & fix repeated send & delayed send Update to the new tls encode callback api. This fixes the following bugs: - bug on tls partial write and repeated tcp send (in some cases the tcp send function does not expect to be called again in the same state and might overwrite the response that has to be sent to tcp_main resulting in the worst case in a possible unwatched connection). - missing tls callback when trying to send on a connection with already queued data (without the api change a 3rd type of send tls callback would have been needed). --- modules/tls/tls_mod.c | 3 +- modules/tls/tls_server.c | 150 ++++++++++++---------------------------------- modules/tls/tls_server.h | 9 +-- 3 files changed, 41 insertions(+), 121 deletions(-) diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c index 49c4ec3..aff4815 100644 --- a/modules/tls/tls_mod.c +++ b/modules/tls/tls_mod.c @@ -235,8 +235,7 @@ struct module_exports exports = { static struct tls_hooks tls_h = { tls_read_f, - tls_do_send_f, - tls_1st_send_f, + tls_encode_f, tls_h_tcpconn_init, tls_h_tcpconn_clean, tls_h_close, diff --git a/modules/tls/tls_server.c b/modules/tls/tls_server.c index 60ba221..600653c 100644 --- a/modules/tls/tls_server.c +++ b/modules/tls/tls_server.c @@ -558,7 +558,6 @@ void tls_h_tcpconn_clean(struct tcp_connection *c) */ void tls_h_close(struct tcp_connection *c, int fd) { - unsigned char rd_buf[TLS_RD_MBUF_SZ]; unsigned char wr_buf[TLS_WR_MBUF_SZ]; struct tls_mbuf rd, wr; @@ -577,7 +576,7 @@ void tls_h_close(struct tcp_connection *c, int fd) lock_release(&c->write_lock); return; } - tls_mbuf_init(&rd, rd_buf, sizeof(rd_buf)); + tls_mbuf_init(&rd, 0, 0); /* no read */ tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf)); if (tls_set_mbufs(c, &rd, &wr)==0) { tls_shutdown(c); /* shudown only on succesfull set fd */ @@ -604,55 +603,50 @@ typedef int (*tcp_low_level_send_t)(int fd, struct tcp_connection *c, -/** tls generic send function. - * It is used by tls_do_send_f and tls_1st_send_f (which are wrappers - * arround it). - * WARNING: it must _not_ be called with c->write_lock held! +/** tls encrypt before sending function. + * It is a callback that will be called by the tcp code, before a send + * on TLS would be attempted. It should replace the input buffer with a + * new static buffer containing the TLS processed data. + * WARNING: it must always be called with c->write_lock held! * @param c - tcp connection - * @param fd - valid file descriptor for the tcp connection - * @param buf - data - * @param len - data size - * @param send_flags - * @param resp - filled with a cmd. for tcp_main (@see tcpconn_do_send() for - * more details) - * @param tcp_do_send_f - callback for doing the tcp send (resp must - * passed to it) - * - * @return >=0 on success, < 0 on error && * resp == CON_ERROR. + * @param pbuf - pointer to buffer (value/result, on success it will be + * replaced with a static buffer). + * @param plen - pointer to buffer size (value/result, on success it will be + * replaced with the size of the replacement buffer. + * @return *plen on success (>=0), < 0 on error. */ -static int tls_generic_send(int fd, struct tcp_connection *c, - const char *buf, unsigned int len, - snd_flags_t send_flags, long* resp, - tcp_low_level_send_t tcp_do_send_f) +int tls_encode_f(struct tcp_connection *c, + const char* *pbuf, unsigned int* plen) { int n, offs; SSL* ssl; struct tls_extra_data* tls_c; - unsigned char wr_buf[TLS_WR_MBUF_SZ]; + static unsigned char wr_buf[TLS_WR_MBUF_SZ]; struct tls_mbuf rd, wr; int ssl_error; char* err_src; + const char* buf; + unsigned int len; int x; - TLS_WR_TRACE("(%d, %p, %p, %d, send_flags, %p, %p) start (%s:%d* -> %s)\n", - fd, c, buf, len, resp, tcp_do_send_f, - ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port, + buf = *pbuf; + len = *plen; + TLS_WR_TRACE("(%p, %p, %d) start (%s:%d* -> %s)\n", + c, buf, len, ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port, su2a(&c->rcv.src_su, sizeof(c->rcv.src_su))); - *resp = CONN_NOP; n = 0; offs = 0; ssl_error = SSL_ERROR_NONE; err_src = "TLS write:"; - lock_get(&c->write_lock); if (unlikely(tls_fix_connection(c) < 0)) { /* c->extra_data might be null => exit immediately */ ERR("tls_fix_connection failed\n"); - lock_release(&c->write_lock); - *resp = CONN_ERROR; return -1; } tls_c = (struct tls_extra_data*)c->extra_data; ssl = tls_c->ssl; + tls_mbuf_init(&rd, 0, 0); /* no read */ + tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf)); /* clear text already queued (WANTS_READ) queue directly*/ if (unlikely(tls_write_wants_read(tls_c))) { TLS_WR_TRACE("(%p) WANTS_READ queue present => queueing" @@ -664,13 +658,11 @@ static int tls_generic_send(int fd, struct tcp_connection *c, } goto end; } - tls_mbuf_init(&rd, 0, 0); /* no read */ -redo_wr: - tls_mbuf_init(&wr, wr_buf, sizeof(wr_buf)); if (unlikely(tls_set_mbufs(c, &rd, &wr) < 0)) { ERR("tls_set_mbufs failed\n"); goto error; } +redo_wr: if (unlikely(tls_c->state == S_TLS_CONNECTING)) { n = tls_connect(c, &ssl_error); TLS_WR_TRACE("(%p) tls_connect() => %d (err=%d)\n", c, n, ssl_error); @@ -704,22 +696,6 @@ redo_wr: } TLS_WR_TRACE("(%p) SSL_write(%p + %d, %d) => %d (err=%d)\n", c, buf, offs, len - offs, n, ssl_error); - if (wr.used ) { - TLS_WR_TRACE("(%p) sending (tcp) %d bytes\n", c, wr.used); - /* something was written */ - if (unlikely( n < (len -offs) && n >= 0)) { - /* if partial tls write, don't force close the tcp connection */ - tcpconn_set_send_flags(c, send_flags); /* set the original flags */ - send_flags.f &= ~SND_F_CON_CLOSE; - } - if (unlikely(tcp_do_send_f(fd, c, (char*)wr.buf, wr.used, - send_flags, resp, 1) < 0)){ - tls_set_mbufs(c, 0, 0); - TLS_WR_TRACE("(%p) tcp_do_send_f[%p] error sending %d bytes\n", c, - tcp_do_send_f, wr.used ); - goto error_send; - } - } /* check for possible ssl errors */ if (unlikely(n <= 0)){ switch(ssl_error) { @@ -794,76 +770,28 @@ redo_wr: } tls_set_mbufs(c, 0, 0); end: - lock_release(&c->write_lock); - TLS_WR_TRACE("(%p) end (offs %d) => %d (*resp = %ld)\n", - c, len, len, *resp); - return len; + *pbuf = (const char*)wr.buf; + *plen = wr.used; + TLS_WR_TRACE("(%p) end (offs %d) => %d \n", + c, offs, *plen); + return *plen; error: -error_send: +/*error_send:*/ error_wq_full: bug: tls_set_mbufs(c, 0, 0); - lock_release(&c->write_lock); - TLS_WR_TRACE("(%p) end error (offs %d) => (prev *resp = %ld)\n", - c, offs, *resp); - *resp = CONN_ERROR; + TLS_WR_TRACE("(%p) end error (offs %d, %d encoded) => -1\n", + c, offs, wr.used); return -1; ssl_eof: c->state = S_CONN_EOF; - lock_release(&c->write_lock); + c->flags |= F_CONN_FORCE_EOF; + *pbuf = (const char*)wr.buf; + *plen = wr.used; DBG("TLS connection has been closed\n"); - TLS_WR_TRACE("(%p) end EOF (offs %d) => (prev *resp = %ld)\n", - c, offs, *resp); - *resp = CONN_EOF; - return -1; -} - - - -/** tls do_send callback. - * It is called for all sends (by the tcp send code), except the first send - * on an async connection (@see tls_1st_send). - * WARNING: it must _not_ be called with c->write_lock held! - * @param c - tcp connection - * @param fd - valid file descriptor for the tcp connection - * @param buf - data - * @param len - data size - * @param send_flags - * @param resp - filled with a cmd. for tcp_main (@see tcpconn_do_send() for - * more details) - * - * @return >=0 on success, < 0 on error && * resp == CON_ERROR. - */ -int tls_do_send_f(int fd, struct tcp_connection *c, - const char *buf, unsigned int len, - snd_flags_t send_flags, long* resp) -{ - return tls_generic_send(fd, c, buf, len, send_flags, resp, - tcpconn_do_send); -} - - - -/** tls 1st_send callback. - * It is called for the first send on an async tcp connection - * (should be non-blocking). - * WARNING: it must _not_ be called with c->write_lock held! - * @param c - tcp connection - * @param fd - valid file descriptor for the tcp connection - * @param buf - data - * @param len - data size - * @param send_flags - * @param resp - filled with a cmd. for tcp_main (@see tcpconn_1st_send() for - * more details) - * - * @return >=0 on success, < 0 on error && * resp == CON_ERROR. - */ -int tls_1st_send_f(int fd, struct tcp_connection *c, - const char *buf, unsigned int len, - snd_flags_t send_flags, long* resp) -{ - return tls_generic_send(fd, c, buf, len, send_flags, resp, - tcpconn_1st_send); + TLS_WR_TRACE("(%p) end EOF (offs %d) => (%d\n", + c, offs, *plen); + return *plen; } @@ -1105,8 +1033,6 @@ continue_ssl_read: if (unlikely(n <= 0)) { ssl_error = SSL_get_error(ssl, n); err_src = "TLS read:"; - TLS_RD_TRACE("(%p, %p) SSL_read() err=%d\n", - c, flags, ssl_error); /* errors handled below, outside the lock */ } else { ssl_error = SSL_ERROR_NONE; @@ -1115,7 +1041,7 @@ continue_ssl_read: bytes_free -=n; } TLS_RD_TRACE("(%p, %p) SSL_read() => %d (err=%d) ssl_read=%d" - "*flags=%d tls_c->flags=%d\n", + " *flags=%d tls_c->flags=%d\n", c, flags, n, ssl_error, ssl_read, *flags, tls_c->flags); ssl_read_skipped: diff --git a/modules/tls/tls_server.h b/modules/tls/tls_server.h index 9e615af..ba28067 100644 --- a/modules/tls/tls_server.h +++ b/modules/tls/tls_server.h @@ -83,13 +83,8 @@ void tls_h_tcpconn_clean(struct tcp_connection *c); */ void tls_h_close(struct tcp_connection *c, int fd); -int tls_do_send_f(int fd, struct tcp_connection *c, - const char *buf, unsigned int len, - snd_flags_t send_flags, long* resp); - -int tls_1st_send_f(int fd, struct tcp_connection *c, - const char *buf, unsigned int len, - snd_flags_t send_flags, long* resp); +int tls_encode_f(struct tcp_connection *c, + const char ** pbuf, unsigned int* plen); int tls_read_f(struct tcp_connection *c, int* flags);

14 years, 7 months

git:andrei/tcp_tls_changes: tcp: change tls send callback interface

by Andrei Pelinescu-Onciul

Module: sip-router Branch: andrei/tcp_tls_changes Commit: 5f65308938f456770638ed5bac4768f94391005b URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5f65308… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Wed Jun 23 23:17:15 2010 +0200 tcp: change tls send callback interface Instead of 2 different tls send callbacks (with a 3rd one needed), switch to a different model: 1 tls callback that is supposed to replace the passed buffer with a tls processed version of it. This simplifies the tls code and more importantly doesn't require that the tls send code has very detailed knowledge about the tcp state machine. Some of the saved complexity moved from the tls module to the tcp code, but at least this way on changes there's only one place to update. The tls callbacks for reading and sending are now very different: while the send callback has become now more of an encoder callback, the read callback should still perform the tcp read by itself. While this is not very consistent it does saves unneeded memory copies. --- tcp_int_send.h | 12 +---- tcp_main.c | 141 +++++++++++++++++++++++++++++++++++++++++--------------- tcp_server.h | 2 +- tls_hooks.c | 2 +- tls_hooks.h | 23 ++++----- 5 files changed, 119 insertions(+), 61 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=5f6…

14 years, 7 months

git:master: dns_cache: dns.view RPC command fix

by Miklos Tirpak

Module: sip-router Branch: master Commit: 249312d7beff3ea6c3cf2fb0441262e770316eb1 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=249312d… Author: Miklos Tirpak <miklos(a)iptel.org> Committer: Miklos Tirpak <miklos(a)iptel.org> Date: Thu Jun 17 11:01:31 2010 +0200 dns_cache: dns.view RPC command fix Do not print out the expiration time of the resource records in a permanent cache entry, they never expire. --- dns_cache.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/dns_cache.c b/dns_cache.c index 3c98779..2ec3d3e 100644 --- a/dns_cache.c +++ b/dns_cache.c @@ -3868,7 +3868,8 @@ void dns_cache_print_entry(rpc_t* rpc, void* ctx, struct dns_hash_entry* e) rpc->printf(ctx, "%sresource record: unknown", SPACE_FORMAT); } - rpc->printf(ctx, "%srr expires in (s): %d", SPACE_FORMAT, + if ((e->ent_flags & DNS_FLAG_PERMANENT) == 0) + rpc->printf(ctx, "%srr expires in (s): %d", SPACE_FORMAT, (s_ticks_t)(rr->expire-now)<0?-1 : TICKS_TO_S(rr->expire-now)); }

14 years, 7 months

git:master: dns cache: dns_cache_rec_pref without #define CACHE_RELEVANT_RECS_ONLY

by Miklos Tirpak

Module: sip-router Branch: master Commit: 0ce55adcdf00d5a04faf8ed26e019a9fac3b7db6 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0ce55ad… Author: Miklos Tirpak <miklos(a)iptel.org> Committer: Miklos Tirpak <miklos(a)iptel.org> Date: Wed Jun 23 17:27:41 2010 +0200 dns cache: dns_cache_rec_pref without #define CACHE_RELEVANT_RECS_ONLY Added support for the dns_cache_rec_pref config variable when CACHE_RELEVANT_RECS_ONLY is not defined. --- dns_cache.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 files changed, 50 insertions(+), 4 deletions(-) diff --git a/dns_cache.c b/dns_cache.c index adf2940..a501e3e 100644 --- a/dns_cache.c +++ b/dns_cache.c @@ -2048,10 +2048,56 @@ inline static struct dns_hash_entry* dns_cache_do_request(str* name, int type) to it */ } } - dns_cache_add_unsafe(r); /* refcnt++ inside */ - if (atomic_get(&r->refcnt)==0){ - /* if cache adding failed and nobody else is interested - * destroy this entry */ + + /* add the new record to the cache by default */ + add_record = 1; + if (cfg_get(core, core_cfg, dns_cache_rec_pref) > 0) { + /* check whether there is an old record with the + * same type in the cache */ + rec_name.s = r->name; + rec_name.len = r->name_len; + old = _dns_hash_find(&rec_name, r->type, &h, &err); + if (old) { + if (old->type != r->type) { + /* probably CNAME found */ + old = NULL; + + } else if (old->ent_flags & DNS_FLAG_PERMANENT) { + /* never overwrite permanent entries */ + add_record = 0; + + } else if ((old->ent_flags & DNS_FLAG_BAD_NAME) == 0) { + /* Non-negative, non-permanent entry found with + * the same type. */ + add_record = + /* prefer new records */ + ((cfg_get(core, core_cfg, dns_cache_rec_pref) == 2) + /* prefer the record with the longer lifetime */ + || ((cfg_get(core, core_cfg, dns_cache_rec_pref) == 3) + && TICKS_LT(old->expire, r->expire))); + } + } + } + if (add_record) { + dns_cache_add_unsafe(r); /* refcnt++ inside */ + if (atomic_get(&r->refcnt)==0){ + /* if cache adding failed and nobody else is interested + * destroy this entry */ + dns_destroy_entry(r); + } + if (old) { + _dns_hash_remove(old); + old = NULL; + } + } else { + if (old) { + if (r == e) { + /* this entry has to be returned */ + e = old; + atomic_inc(&e->refcnt); + } + old = NULL; + } dns_destroy_entry(r); } }

14 years, 7 months

git:master: dns cache: dns_cache_rec_pref config var added

by Miklos Tirpak

Module: sip-router Branch: master Commit: 1b30ae44d71332d7e96221ee444a1aede2d3da01 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1b30ae4… Author: Miklos Tirpak <miklos(a)iptel.org> Committer: Miklos Tirpak <miklos(a)iptel.org> Date: Wed Jun 23 16:34:56 2010 +0200 dns cache: dns_cache_rec_pref config var added The config variable, dns_cache_rec_pref, can be used to set the DNS cache preference as follows: 0 - do not check duplicates (default) 1 - prefer old records 2 - prefer new records 3 - prefer records with longer lifetime This variable is checked when a duplicated record is tried to be inserted into the cache. For instance the SRV query answer contains also an A record which is already in the cache. If the config var is not 0, then permanent entries are always preferred. Note: works only with #define CACHE_RELEVANT_RECS_ONLY at the moment. --- NEWS | 6 ++++++ cfg_core.c | 7 +++++++ cfg_core.h | 1 + dns_cache.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 67 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 0112243..5d691cb 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,7 @@ core: See dst_blacklist_udp_imask a.s.o (dst_blacklist_*_imask). - per message blacklist ignore masks - route() now supports rvalue expressions (e.g. route("test"+$i)) + - support for permanent entries in the DNS cache. new config variables: - dst_blacklist_udp_imask - global blacklist events ignore mask for udp @@ -27,6 +28,11 @@ new config variables: - dst_blacklist_tcp_imask - like dst_blacklist_udp_imask, but for tcp. - dst_blacklist_tls_imask - like dst_blacklist_tls_imask, but for tcp. - dst_blacklist_sctp_imask -like dst_blacklist_sctp_imask, but for tcp. + - dns_cache_rec_pref - DNS cache record preference: + 0 - do not check duplicates (default) + 1 - prefer old records + 2 - prefer new records + 3 - prefer records with longer lifetime modules: - blst: functions for ignoring blacklist events per message: diff --git a/cfg_core.c b/cfg_core.c index 101ba9f..d819dee 100644 --- a/cfg_core.c +++ b/cfg_core.c @@ -102,6 +102,7 @@ struct cfg_group_core default_core_cfg = { DEFAULT_DNS_CACHE_MAX_TTL, /*!< maximum ttl */ DEFAULT_DNS_MAX_MEM, /*!< dns_cache_max_mem */ 0, /*!< dns_cache_del_nonexp -- delete only expired entries by default */ + 0, /*!< dns_cache_rec_pref -- 0 by default, do not check the existing entries. */ #endif #ifdef PKG_MALLOC 0, /*!< mem_dump_pkg */ @@ -206,6 +207,12 @@ cfg_def_t core_cfg_def[] = { {"dns_cache_del_nonexp", CFG_VAR_INT, 0, 1, 0, 0, "allow deletion of non-expired records from the cache when " "there is no more space left for new ones"}, + {"dns_cache_rec_pref", CFG_VAR_INT, 0, 3, 0, 0, + "DNS cache record preference: " + " 0 - do not check duplicates" + " 1 - prefer old records" + " 2 - prefer new records" + " 3 - prefer records with longer lifetime"}, #endif #ifdef PKG_MALLOC {"mem_dump_pkg", CFG_VAR_INT, 0, 0, 0, mem_dump_pkg_cb, diff --git a/cfg_core.h b/cfg_core.h index 1e86692..c0d83c8 100644 --- a/cfg_core.h +++ b/cfg_core.h @@ -92,6 +92,7 @@ struct cfg_group_core { unsigned int dns_cache_max_ttl; unsigned int dns_cache_max_mem; int dns_cache_del_nonexp; + int dns_cache_rec_pref; #endif #ifdef PKG_MALLOC int mem_dump_pkg; diff --git a/dns_cache.c b/dns_cache.c index 2ec3d3e..adf2940 100644 --- a/dns_cache.c +++ b/dns_cache.c @@ -1874,10 +1874,14 @@ inline static struct dns_hash_entry* dns_cache_do_request(str* name, int type) struct ip_addr* ip; str cname_val; char name_buf[MAX_DNS_NAME]; + struct dns_hash_entry* old; + str rec_name; + int add_record, h, err; e=0; l=0; cname_val.s=0; + old = NULL; #ifdef USE_DNS_CACHE_STATS if (dns_cache_stats) @@ -1944,10 +1948,55 @@ inline static struct dns_hash_entry* dns_cache_do_request(str* name, int type) LOCK_DNS_HASH(); /* optimization */ for (r=l; r; r=t){ t=r->next; - dns_cache_add_unsafe(r); /* refcnt++ inside */ - if (atomic_get(&r->refcnt)==0){ - /* if cache adding failed and nobody else is interested - * destroy this entry */ + /* add the new record to the cache by default */ + add_record = 1; + if (cfg_get(core, core_cfg, dns_cache_rec_pref) > 0) { + /* check whether there is an old record with the + * same type in the cache */ + rec_name.s = r->name; + rec_name.len = r->name_len; + old = _dns_hash_find(&rec_name, r->type, &h, &err); + if (old) { + if (old->type != r->type) { + /* probably CNAME found */ + old = NULL; + + } else if (old->ent_flags & DNS_FLAG_PERMANENT) { + /* never overwrite permanent entries */ + add_record = 0; + + } else if ((old->ent_flags & DNS_FLAG_BAD_NAME) == 0) { + /* Non-negative, non-permanent entry found with + * the same type. */ + add_record = + /* prefer new records */ + ((cfg_get(core, core_cfg, dns_cache_rec_pref) == 2) + /* prefer the record with the longer lifetime */ + || ((cfg_get(core, core_cfg, dns_cache_rec_pref) == 3) + && TICKS_LT(old->expire, r->expire))); + } + } + } + if (add_record) { + dns_cache_add_unsafe(r); /* refcnt++ inside */ + if (atomic_get(&r->refcnt)==0){ + /* if cache adding failed and nobody else is interested + * destroy this entry */ + dns_destroy_entry(r); + } + if (old) { + _dns_hash_remove(old); + old = NULL; + } + } else { + if (old) { + if (r == e) { + /* this entry has to be returned */ + e = old; + atomic_inc(&e->refcnt); + } + old = NULL; + } dns_destroy_entry(r); } }

14 years, 7 months

new developer: Timo Reimann

by Henning Westerholt

Hi all, i'm happy to announce a new developer for the sip-router project: Timo Reimann. Timo is an experienced developer in our offices in Karlsruhe and since over one year part of the team that develops our VoIP backend services. His past work involved extensions for the dialog module and also a new lawful interception solution that we use in-house. He contributed (with some other developers) to the new dialog design in the last months and will continue to work on this in the future. Best regards, Henning -- Henning Westerholt - Development Consumer Products / Consumer Core 1&1 Internet AG, Ernst-Frey-Str. 9, 76135 Karlsruhe, Germany

14 years, 7 months

git:andrei/tcp_tls_changes: tls: very verbose debug logging

by Andrei Pelinescu-Onciul

Module: sip-router Branch: andrei/tcp_tls_changes Commit: eac7fbc0f03746c39a282777cd63b68e3598655e URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=eac7fbc… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Jun 22 11:21:46 2010 +0200 tls: very verbose debug logging Added very verbose debug messages. To enable them, compile with -DTLS_RD_DEBUG for debugging the read path and with -DTLS_WR_DEBUG for debugging the write path. --- modules/tls/tls_bio.c | 6 +- modules/tls/tls_server.c | 169 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 148 insertions(+), 27 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=eac…

14 years, 7 months

GSoC2010: welcome Marius Bucur

by Daniel-Constantin Mierla

Hello, GSoC2010 selected projects were announced several days ago. I want to welcome Marius Bucur, students at Computer Science Faculty in Bucharest. He is going to implement our proposed project about presence support for audio conference mixers: http://www.sip-communicator.org/index.php/GSOC2010/Kamailio4575 It will be tight related to implementation in SEMS conference mixer: http://www.sip-communicator.org/index.php/GSOC2010/SEMSAudioLevels Shortly, is about getting presence updates about participants in a conference room, who is speaking, audio levels of speakers, etc. SIP Communicator is a softphone that has support for this features, see a presentation about it at: http://www.kamailio.org/events/2010-FOSDEM/SIP.Communicator-FOSDEM-2010.pdf http://www.sip-communicator.org/ Please provide Marius hints and guidelines as fast as you can for him to get quickly into application architecture. Along with me, Marius Zbihlei will officially help in mentoring, if you have questions about GSoC project administration, etc., contact one of us. Cheers, Daniel -- Daniel-Constantin Mierla * http://www.asipto.com/ * http://twitter.com/miconda * http://www.linkedin.com/in/danielconstantinmierla

14 years, 7 months

git:andrei/tcp_tls_changes: tcp: don' t reset read_flags on RD_CONN_REPEAT_READ

by Andrei Pelinescu-Onciul

Module: sip-router Branch: andrei/tcp_tls_changes Commit: 21b8cf904aa6abe20d930385bf912ccf66666341 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=21b8cf9… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Sun Jun 20 19:20:12 2010 +0200 tcp: don't reset read_flags on RD_CONN_REPEAT_READ Allow flags value propagation between tcp_read*() that asked to be repeated (RD_CONN_REPEAT_READ). This allows an optimization in the tls read code: when repeating a tls_read, don't try a tcp read syscall if the previous attempt did get the whole socket receive buffer (RD_CONN_SHORT_READ) or detected EOF (use only the buffered data if any). --- tcp_read.c | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tcp_read.c b/tcp_read.c index 441521f..4881844 100644 --- a/tcp_read.c +++ b/tcp_read.c @@ -137,8 +137,8 @@ static ticks_t tcp_reader_prev_ticks; * RD_CONN_FORCE_EOF. * RD_CONN_REPEAT_READ - the read should be repeated immediately * (used only by the tls code for now). - * Note: RD_CONN_SHORT_READ & RD_CONN_EOF must be cleared - * before calling this function. + * Note: RD_CONN_SHORT_READ & RD_CONN_EOF _are_ not cleared internally, + * so one should clear them before calling this function. * @return number of bytes read, 0 on EOF or -1 on error, * on EOF it also sets c->state to S_CONN_EOF. * (to distinguish from reads that would block which could return 0) @@ -955,14 +955,14 @@ again: con, con->id, atomic_get(&con->refcnt)); goto con_error; } -#ifdef USE_TLS -repeat_1st_read: -#endif /* USE_TLS */ /* if we received the fd there is most likely data waiting to * be read => process it first to avoid extra sys calls */ read_flags=((con->flags & (F_CONN_EOF_SEEN|F_CONN_FORCE_EOF)) && !(con->flags & F_CONN_OOB_DATA))? RD_CONN_FORCE_EOF :0; +#ifdef USE_TLS +repeat_1st_read: +#endif /* USE_TLS */ resp=tcp_read_req(con, &n, &read_flags); if (unlikely(resp<0)){ /* some error occured, but on the new fd, not on the tcp @@ -1011,9 +1011,6 @@ repeat_1st_read: con, con->id, atomic_get(&con->refcnt)); goto read_error; } -#ifdef USE_TLS -repeat_read: -#endif /* USE_TLS */ #ifdef POLLRDHUP read_flags=(((events & POLLRDHUP) | (con->flags & (F_CONN_EOF_SEEN|F_CONN_FORCE_EOF))) @@ -1021,6 +1018,9 @@ repeat_read: #else /* POLLRDHUP */ read_flags=0; #endif /* POLLRDHUP */ +#ifdef USE_TLS +repeat_read: +#endif /* USE_TLS */ resp=tcp_read_req(con, &ret, &read_flags); if (unlikely(resp<0)){ read_error:

14 years, 7 months

git:andrei/tcp_tls_changes: tls: deal with internal openssl buffering

by Andrei Pelinescu-Onciul

Module: sip-router Branch: andrei/tcp_tls_changes Commit: 0d8b211d146dad87a5751928b44c6f791352559a URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0d8b211… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Sun Jun 20 18:58:58 2010 +0200 tls: deal with internal openssl buffering SSL_read() will not only buffer data internally (behaviour exacerbated by setting readahead to 1), but will also return the decrypted data on a record basis (even if readahead is 1 and it has read several records, it will return only the decrypted data from the current record). SSL_pending() can be used to see if there is more data buffered internally only if readaahead is not set and if the SSL_read() returned because it did not have enough space in the output buffer (it's useless for any other case because it returns the bytes in the current record that can be retrieved immediately and hence if SSL_read() stopped at a record boundary it will return 0). The solution is to repeat the SSL_read() call until the output buffer is completely filled or error (repeat it even if it did consume the whole input, it could still have the data buffered internally). In the case when the output buffer is completely filled, the entire tls_read_f() call should be retried as soon as more space becomes available (set RD_CONN_REPEAT_READ). Fixes read data delayed until the next packet arrives or possible lost reads (if no other data is sent and part of the previous data is buffered inside openssl). --- modules/tls/tls_server.c | 178 +++++++++++++++++++++++++++++++++------------ modules/tls/tls_server.h | 1 - 2 files changed, 130 insertions(+), 49 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=0d8…

14 years, 7 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev