Module: sip-router Branch: master Commit: 1d6d5cd5d4ff7cd488edfaea5600f02b7d3612fa URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1d6d5cd5...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: Mon May 26 14:17:43 2014 +0200
tls: execute event_route[tls:connection-out]
- done when a new outgoing tls connection is opened - ongoing work, to allow an option to drop the connection based on config decision
---
modules/tls/tls_mod.c | 1 + modules/tls/tls_select.c | 10 ++++++++++ modules/tls/tls_select.h | 3 +++ modules/tls/tls_server.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ modules/tls/tls_server.h | 2 ++ 5 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
index 97175e3..eb40b04 100644
--- a/modules/tls/tls_mod.c
+++ b/modules/tls/tls_mod.c
@@ -348,6 +348,7 @@ static int mod_init(void)
#ifndef OPENSSL_NO_DH
LM_INFO("With Diffie Hellman\n");
#endif
+ tls_lookup_event_routes();
return 0;
error:
destroy_tls_h();
diff --git a/modules/tls/tls_select.c b/modules/tls/tls_select.c
index 6305448..5e70d13 100644
--- a/modules/tls/tls_select.c
+++ b/modules/tls/tls_select.c
@@ -101,11 +101,21 @@ enum {
+static struct tcp_connection* _tls_pv_con = 0;
+void tls_set_pv_con(struct tcp_connection *c)
+{
+ _tls_pv_con = c;
+}
+
struct tcp_connection* get_cur_connection(struct sip_msg* msg)
{
struct tcp_connection* c;
+
+ if(_tls_pv_con != 0)
+ return _tls_pv_con;
+
if (msg->rcv.proto != PROTO_TLS) {
ERR("Transport protocol is not TLS (bug in config)\n");
return 0;
diff --git a/modules/tls/tls_select.h b/modules/tls/tls_select.h
index 3d5b8d0..5d40cc1 100644
--- a/modules/tls/tls_select.h
+++ b/modules/tls/tls_select.h
@@ -43,9 +43,12 @@
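Review bot: The early `return _tls_pv_con;` in get_cur_connection hands callers a borrowed pointer from a file-scope static, and nothing in the hunk says who owns it or how long it stays valid. The rest of get_cur_connection is outside the hunk; if its normal path returns a connection with a reference taken that callers later release, this branch would make them release a reference they never acquired, so the override path should take the same reference or be distinguishable to callers. At minimum I would document the contract above the static, e.g. `/* borrowed connection set via tls_set_pv_con() while an event route runs; bypasses the lookup by msg and must be reset to 0 afterwards */`.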
#include "../../select.h"
#include "../../pvar.h"
+#include "../../tcp_conn.h"
extern select_row_t tls_sel[];
extern pv_export_t tls_pv[];
+void tls_set_pv_con(struct tcp_connection *c);
+
#endif /* _TLS_SELECT_H */
diff --git a/modules/tls/tls_server.c b/modules/tls/tls_server.c
index cfd09c4..ad80400 100644
--- a/modules/tls/tls_server.c
+++ b/modules/tls/tls_server.c
@@ -46,6 +46,9 @@
#include "../../tcp_int_send.h"
#include "../../tcp_read.h"
#include "../../cfg/cfg.h"
+#include "../../route.h"
+#include "../../forward.h"
+#include "../../onsend.h"
#include "tls_init.h"
#include "tls_domain.h"
@@ -56,6 +59,8 @@
#include "tls_dump_vf.h"
#include "tls_cfg.h"
+int tls_run_event_routes(struct tcp_connection *c);
+
/* low memory treshold for openssl bug #1491 workaround */
#define LOW_MEM_NEW_CONNECTION_TEST() \
(cfg_get(tls, tls_cfg, low_mem_threshold1) && \
@@ -435,6 +440,7 @@ int tls_connect(struct tcp_connection *c, int* error)
LOG(tls_log, "tls_connect: server did not "
"present a certificate\n");
}
+ tls_run_event_routes(c);
} else { /* 0 or < 0 */
*error = SSL_get_error(ssl, ret);
}
@@ -1343,3 +1349,42 @@ bug:
c, flags, ssl_read, *flags);
return -1;
}
+
+
+static int _tls_evrt_connection_out = -1; /* default disabled */
+
+/*!
+ * lookup tls event routes
+ */
+void tls_lookup_event_routes(void)
+{
+ _tls_evrt_connection_out=route_lookup(&event_rt, "tls:connection-out");
+ if (_tls_evrt_connection_out>=0 && event_rt.rlist[_tls_evrt_connection_out]==0)
+ _tls_evrt_connection_out=-1; /* disable */
+ if(_tls_evrt_connection_out!=-1)
+ forward_set_send_info(1);
+}
+
+/**
+ *
+ */
+int tls_run_event_routes(struct tcp_connection *c)
+{
+ int backup_rt;
+ struct run_act_ctx ctx;
+ sip_msg_t tmsg;
+
+ if(_tls_evrt_connection_out<0)
+ return 0;
+ if(p_onsend==0 || p_onsend->msg==0)
+ return 0;
+
+ backup_rt = get_route_type();
+ set_route_type(LOCAL_ROUTE);
+ init_run_actions_ctx(&ctx);
+ tls_set_pv_con(c);
+ run_top_route(event_rt.rlist[_tls_evrt_connection_out], &tmsg, 0);
+ tls_set_pv_con(0);
+ set_route_type(backup_rt);
+ return 0;
+}
diff --git a/modules/tls/tls_server.h b/modules/tls/tls_server.h
index d564425..abb3b13 100644
--- a/modules/tls/tls_server.h
+++ b/modules/tls/tls_server.h
@@ -93,4 +93,6 @@ int tls_h_fix_read_conn(struct tcp_connection *c);
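Review bot: `tmsg` in tls_run_event_routes is declared but never initialised before `&tmsg` is passed to `run_top_route`, so any action or pseudo-variable in event_route[tls:connection-out] that touches the message would read indeterminate stack memory. The guard above already requires `p_onsend->msg` to be non-null, which suggests the route was meant to run on that message; initialise `tmsg` from it before the call, or at the very least `memset(&tmsg, 0, sizeof(tmsg));`. Separately, `ctx` is set up by `init_run_actions_ctx(&ctx)` but `0` is passed as the context argument, so it is dead here and the function always returns 0. For the drop decision the commit message mentions, the call would need `&ctx` and the call added in tls_connect would need to check the result instead of discarding it. The empty `/** * */` header should say when the route runs and that the connection is exposed through `tls_set_pv_con(c)` only for the duration of the call.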
int tls_connect(struct tcp_connection *c, int* error);
int tls_accept(struct tcp_connection *c, int* error);
+
+void tls_lookup_event_routes(void);
#endif /* _TLS_SERVER_H */