Module: sip-router
Branch: master
Commit: 1d6d5cd5d4ff7cd488edfaea5600f02b7d3612fa
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1d6d5cd…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: Mon May 26 14:17:43 2014 +0200
tls: execute event_route[tls:connection-out]
- done when a new outgoing tls connection is opened
- ongoing work, to allow an option to drop the connection based on
config decision
---
modules/tls/tls_mod.c | 1 +
modules/tls/tls_select.c | 10 ++++++++++
modules/tls/tls_select.h | 3 +++
modules/tls/tls_server.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
modules/tls/tls_server.h | 2 ++
5 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
index 97175e3..eb40b04 100644
--- a/modules/tls/tls_mod.c
+++ b/modules/tls/tls_mod.c
@@ -348,6 +348,7 @@ static int mod_init(void)
#ifndef OPENSSL_NO_DH
LM_INFO("With Diffie Hellman\n");
#endif
+ tls_lookup_event_routes();
return 0;
error:
destroy_tls_h();
diff --git a/modules/tls/tls_select.c b/modules/tls/tls_select.c
index 6305448..5e70d13 100644
--- a/modules/tls/tls_select.c
+++ b/modules/tls/tls_select.c
@@ -101,11 +101,21 @@ enum {
+static struct tcp_connection* _tls_pv_con = 0;
+void tls_set_pv_con(struct tcp_connection *c)
+{
+ _tls_pv_con = c;
+}
+
struct tcp_connection* get_cur_connection(struct sip_msg* msg)
{
struct tcp_connection* c;
+
+ if(_tls_pv_con != 0)
+ return _tls_pv_con;
+
if (msg->rcv.proto != PROTO_TLS) {
ERR("Transport protocol is not TLS (bug in config)\n");
return 0;
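Review bot: The new early return of `_tls_pv_con` in get_cur_connection() hands callers a pointer that did not come from the function's normal lookup, which continues outside this hunk. If that lookup takes a reference that callers later release (likely for a tcp_connection, but not visible here), each select/pv caller would drop a reference that was never taken for the override, and the connection could be freed while tls_connect() is still using it. Either take the same reference before returning the override, or make the release side skip it, and document the contract on the setter, e.g. `/* borrowed pointer, valid only while the event route runs; must be reset to 0 afterwards */`. The override also bypasses the `PROTO_TLS` check and never reads `msg`, which deserves a one-line comment.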
diff --git a/modules/tls/tls_select.h b/modules/tls/tls_select.h
index 3d5b8d0..5d40cc1 100644
--- a/modules/tls/tls_select.h
+++ b/modules/tls/tls_select.h
@@ -43,9 +43,12 @@
#include "../../select.h"
#include "../../pvar.h"
+#include "../../tcp_conn.h"
extern select_row_t tls_sel[];
extern pv_export_t tls_pv[];
+void tls_set_pv_con(struct tcp_connection *c);
+
#endif /* _TLS_SELECT_H */
diff --git a/modules/tls/tls_server.c b/modules/tls/tls_server.c
index cfd09c4..ad80400 100644
--- a/modules/tls/tls_server.c
+++ b/modules/tls/tls_server.c
@@ -46,6 +46,9 @@
#include "../../tcp_int_send.h"
#include "../../tcp_read.h"
#include "../../cfg/cfg.h"
+#include "../../route.h"
+#include "../../forward.h"
+#include "../../onsend.h"
#include "tls_init.h"
#include "tls_domain.h"
@@ -56,6 +59,8 @@
#include "tls_dump_vf.h"
#include "tls_cfg.h"
+int tls_run_event_routes(struct tcp_connection *c);
+
/* low memory treshold for openssl bug #1491 workaround */
#define LOW_MEM_NEW_CONNECTION_TEST() \
(cfg_get(tls, tls_cfg, low_mem_threshold1) && \
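Review bot: The prototype `int tls_run_event_routes(struct tcp_connection *c);` is declared in the .c file while the function has external linkage, unlike `tls_lookup_event_routes()`, which this commit exports through tls_server.h. Within this commit the function is only called from tls_connect() in the same file, so `static int tls_run_event_routes(struct tcp_connection *c);` would keep it out of the global namespace. If other files are meant to call it, move the prototype to the header instead.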
@@ -435,6 +440,7 @@ int tls_connect(struct tcp_connection *c, int* error)
LOG(tls_log, "tls_connect: server did not "
"present a certificate\n");
}
+ tls_run_event_routes(c);
} else { /* 0 or < 0 */
*error = SSL_get_error(ssl, ret);
}
@@ -1343,3 +1349,42 @@ bug:
c, flags, ssl_read, *flags);
return -1;
}
+
+
+static int _tls_evrt_connection_out = -1; /* default disabled */
+
+/*!
+ * lookup tls event routes
+ */
+void tls_lookup_event_routes(void)
+{
+ _tls_evrt_connection_out=route_lookup(&event_rt, "tls:connection-out");
+ if (_tls_evrt_connection_out>=0 &&
event_rt.rlist[_tls_evrt_connection_out]==0)
+ _tls_evrt_connection_out=-1; /* disable */
+ if(_tls_evrt_connection_out!=-1)
+ forward_set_send_info(1);
+}
+
+/**
+ *
+ */
+int tls_run_event_routes(struct tcp_connection *c)
+{
+ int backup_rt;
+ struct run_act_ctx ctx;
+ sip_msg_t tmsg;
+
+ if(_tls_evrt_connection_out<0)
+ return 0;
+ if(p_onsend==0 || p_onsend->msg==0)
+ return 0;
+
+ backup_rt = get_route_type();
+ set_route_type(LOCAL_ROUTE);
+ init_run_actions_ctx(&ctx);
+ tls_set_pv_con(c);
+ run_top_route(event_rt.rlist[_tls_evrt_connection_out], &tmsg, 0);
+ tls_set_pv_con(0);
+ set_route_type(backup_rt);
+ return 0;
+}
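Review bot: In tls_run_event_routes() the local `sip_msg_t tmsg` is passed to run_top_route() without being initialised, so any route action or pseudo-variable that reads the message works on indeterminate stack memory. The guard already requires `p_onsend->msg` to be non-null but never uses it. If that message is the intended context, pass it instead of `&tmsg`; otherwise at least add `memset(&tmsg, 0, sizeof(tmsg));` before the call. Likewise `ctx` is set up by `init_run_actions_ctx(&ctx)` but `0` is passed as the context argument, so either pass `&ctx` or drop the variable. The empty `/** */` block above the function should state that it runs event_route[tls:connection-out] with the connection exposed through `tls_set_pv_con()` and currently always returns 0.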
diff --git a/modules/tls/tls_server.h b/modules/tls/tls_server.h
index d564425..abb3b13 100644
--- a/modules/tls/tls_server.h
+++ b/modules/tls/tls_server.h
@@ -93,4 +93,6 @@ int tls_h_fix_read_conn(struct tcp_connection *c);
int tls_connect(struct tcp_connection *c, int* error);
int tls_accept(struct tcp_connection *c, int* error);
+
+void tls_lookup_event_routes(void);
#endif /* _TLS_SERVER_H */