[sr-dev] git:andrei/tcp_tls_changes: tls: rpc: tls.list and tls.options update
Andrei Pelinescu-Onciul
andrei at iptel.org
Fri Jun 4 18:49:59 CEST 2010
Module: sip-router
Branch: andrei/tcp_tls_changes
Commit: 0dbb49bd6e08cfd80bb65da23fe048511d3983b7
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0dbb49bd6e08cfd80bb65da23fe048511d3983b7
Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date: Fri Jun 4 18:43:15 2010 +0200
tls: rpc: tls.list and tls.options update
- tls.list update/cleanups (more detailed now)
- tls.options - print also the new options.
- code in tls_rpc.* is iptelorg only => changed (c) and license
(BSD-like).
---
modules/tls/tls_rpc.c | 121 ++++++++++++++++++++++++++++++++-----------------
modules/tls/tls_rpc.h | 23 ++++-----
2 files changed, 89 insertions(+), 55 deletions(-)
diff --git a/modules/tls/tls_rpc.c b/modules/tls/tls_rpc.c
index 826f12c..650c972 100644
--- a/modules/tls/tls_rpc.c
+++ b/modules/tls/tls_rpc.c
@@ -4,24 +4,21 @@
* TLS module - management interface
*
* Copyright (C) 2001-2003 FhG FOKUS
- * Copyright (C) 2004,2005 Free Software Foundation, Inc.
* Copyright (C) 2005 iptelorg GmbH
*
* This file is part of sip-router, a free SIP server.
*
- * sip-router is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * sip-router is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/** tls module management interface (rpc).
* @file tls_rpc.c
@@ -102,46 +99,83 @@ extern struct tcp_connection** tcpconn_id_hash;
static void tls_list(rpc_t* rpc, void* c)
{
- static char buf[128];
+ char buf[128];
+ char src_ip[IP_ADDR_MAX_STR_SIZE];
+ char dst_ip[IP_ADDR_MAX_STR_SIZE];
void* handle;
char* tls_info;
- SSL* ssl;
+ char* state;
+ struct tls_extra_data* tls_d;
struct tcp_connection* con;
int i, len, timeout;
- ssl=0;
TCPCONN_LOCK;
for(i = 0; i < TCP_ID_HASH_SIZE; i++) {
- if (tcpconn_id_hash[i] == NULL) continue;
- con = tcpconn_id_hash[i];
- while(con) {
- if (con->rcv.proto != PROTO_TLS) goto skip;
- if (con->extra_data)
- ssl = ((struct tls_extra_data*)con->extra_data)->ssl;
- if (ssl) {
- tls_info = SSL_CIPHER_description(SSL_get_current_cipher(ssl),
- buf, 128);
- len = strlen(buf);
- if (len && buf[len - 1] == '\n') buf[len - 1] = '\0';
- } else {
- tls_info = "Unknown";
- }
- timeout = con->timeout - get_ticks();
- if (timeout < 0) timeout = 0;
+ for (con = tcpconn_id_hash[i]; con; con = con->id_next) {
+ if (con->rcv.proto != PROTO_TLS) continue;
+ tls_d = con->extra_data;
rpc->add(c, "{", &handle);
- rpc->struct_add(handle, "ddsdsds",
+ /* tcp data */
+ if (ip_addr2sbuf(&con->rcv.src_ip, src_ip, sizeof(src_ip)) == 0) {
+ BUG("failed to convert source ip");
+ src_ip[0]=0;
+ }
+ if (ip_addr2sbuf(&con->rcv.dst_ip, dst_ip, sizeof(dst_ip)) == 0) {
+ BUG("failed to convert destination ip");
+ dst_ip[0]=0;
+ }
+ timeout = TICKS_TO_S(con->timeout - get_ticks());
+ rpc->struct_add(handle, "ddsdsd",
"id", con->id,
"timeout", timeout,
- "src_ip", ip_addr2a(&con->rcv.src_ip),
+ "src_ip", src_ip,
"src_port", con->rcv.src_port,
- "dst_ip", ip_addr2a(&con->rcv.dst_ip),
- "dst_port", con->rcv.dst_port,
- "tls", tls_info);
- skip:
- con = con->id_next;
+ "dst_ip", dst_ip,
+ "dst_port", con->rcv.dst_port);
+ if (tls_d) {
+ tls_info = SSL_CIPHER_description(
+ SSL_get_current_cipher(tls_d->ssl),
+ buf, sizeof(buf));
+ len = strlen(buf);
+ if (len && buf[len - 1] == '\n') buf[len - 1] = '\0';
+ /* tls data */
+ state = "unknown/error";
+ lock_get(&con->write_lock);
+ switch(tls_d->state) {
+ case S_TLS_NONE:
+ state = "none/init";
+ break;
+ case S_TLS_ACCEPTING:
+ state = "tls_accept";
+ break;
+ case S_TLS_CONNECTING:
+ state = "tls_connect";
+ break;
+ case S_TLS_ESTABLISHED:
+ state = "established";
+ break;
+ }
+ rpc->struct_add(handle, "sddds",
+ "cipher", tls_info,
+ "ct_wq_size", tls_d->ct_wq?
+ tls_d->ct_wq->queued:0,
+ "enc_rd_buf", tls_d->enc_rd_buf?
+ tls_d->enc_rd_buf->size:0,
+ "flags", tls_d->flags,
+ "state", state
+ );
+ lock_release(&con->write_lock);
+ } else {
+ rpc->struct_add(handle, "sddds",
+ "cipher", "unknown",
+ "ct_wq_size", 0,
+ "enc_rd_buf", 0,
+ "flags", 0,
+ "state", "pre-init"
+ );
+ }
}
}
-
TCPCONN_UNLOCK;
}
@@ -169,7 +203,7 @@ static void tls_options(rpc_t* rpc, void* c)
{
void* handle;
rpc->add(c, "{", &handle);
- rpc->struct_add(handle, "dSdddSSSSdSSddddddddd",
+ rpc->struct_add(handle, "dSdddSSSSdSSdddddddddddd",
"force_run", cfg_get(tls, tls_cfg, force_run),
"method", &cfg_get(tls, tls_cfg, method),
"verify_certificate", cfg_get(tls, tls_cfg, verify_cert),
@@ -191,7 +225,10 @@ static void tls_options(rpc_t* rpc, void* c)
"ssl_max_send_fragment", cfg_get(tls, tls_cfg, ssl_max_send_fragment),
"ssl_read_ahead", cfg_get(tls, tls_cfg, ssl_read_ahead),
"low_mem_threshold1", cfg_get(tls, tls_cfg, low_mem_threshold1),
- "low_mem_threshold2", cfg_get(tls, tls_cfg, low_mem_threshold2)
+ "low_mem_threshold2", cfg_get(tls, tls_cfg, low_mem_threshold2),
+ "ct_wq_max", cfg_get(tls, tls_cfg, ct_wq_max),
+ "con_ct_wq_max", cfg_get(tls, tls_cfg, con_ct_wq_max),
+ "ct_wq_blk_size", cfg_get(tls, tls_cfg, ct_wq_blk_size)
);
}
diff --git a/modules/tls/tls_rpc.h b/modules/tls/tls_rpc.h
index b292de1..558bf0d 100644
--- a/modules/tls/tls_rpc.h
+++ b/modules/tls/tls_rpc.h
@@ -4,24 +4,21 @@
* TLS module - management interface
*
* Copyright (C) 2001-2003 FhG FOKUS
- * Copyright (C) 2004,2005 Free Software Foundation, Inc.
* Copyright (C) 2005 iptelorg GmbH
*
* This file is part of sip-router, a free SIP server.
*
- * sip-router is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * sip-router is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/** tls module management interface (rpc).
* @file tls_rpc.h
More information about the sr-dev
mailing list