From 5c60297a1eaab7b10d6f584ba329493a41b812d0 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Sun, 6 Mar 2011 15:53:58 +0100 Subject: Restructure code, moving most code out of packet.c Also, move copyright notice out of COPYING and into every file. --- lib/tcp.c | 276 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 276 insertions(+) create mode 100644 lib/tcp.c (limited to 'lib/tcp.c') diff --git a/lib/tcp.c b/lib/tcp.c new file mode 100644 index 0000000..2e641f6 --- /dev/null +++ b/lib/tcp.c 
@@ -0,0 +1,276 @@ +/* Copyright 2011 NORDUnet A/S. All rights reserved. + See the file COPYING for licensing information. */ + +#if defined HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#if defined (RS_ENABLE_TLS) +#include +#include +#endif +#include +#include +#include "tcp.h" +#include "packet.h" +#include "debug.h" +#include "event.h" + +#if defined (DEBUG) +#include +#endif + +static int +_close_conn (struct rs_connection **connp) +{ + int r; + assert (connp); + assert (*connp); + r = rs_conn_destroy (*connp); + if (!r) + *connp = NULL; + return r; +} + +/* Read one RADIUS packet header. Return !0 on error. A return value + of 0 means that we need more data. */ +static int +_read_header (struct rs_packet *pkt) +{ + size_t n = 0; + + n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN); + if (n == RS_HEADER_LEN) + { + pkt->hdr_read_flag = 1; + pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3]; + if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096) + { + _close_conn (&pkt->conn); + return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, + "invalid packet length: %d", + pkt->rpkt->data_len); + } + pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len); + if (!pkt->rpkt->data) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__, + NULL); + } + memcpy (pkt->rpkt->data, pkt->hdr, RS_HEADER_LEN); + bufferevent_setwatermark (pkt->conn->bev, EV_READ, + pkt->rpkt->data_len - RS_HEADER_LEN, 0); + rs_debug (("%s: packet header read, total pkt len=%d\n", + __func__, pkt->rpkt->data_len)); + } + else if (n < 0) + { + rs_debug (("%s: buffer frozen while reading header\n", __func__)); + } + else /* Error: libevent gave us less than the low watermark. 
*/ + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__, + "got %d octets reading header", n); + } + + return 0; +} + +static int +_read_packet (struct rs_packet *pkt) +{ + size_t n = 0; + + rs_debug (("%s: trying to read %d octets of packet data\n", __func__, + pkt->rpkt->data_len - RS_HEADER_LEN)); + + n = bufferevent_read (pkt->conn->bev, + pkt->rpkt->data + RS_HEADER_LEN, + pkt->rpkt->data_len - RS_HEADER_LEN); + + rs_debug (("%s: read %ld octets of packet data\n", __func__, n)); + + if (n == pkt->rpkt->data_len - RS_HEADER_LEN) + { + bufferevent_disable (pkt->conn->bev, EV_READ); + rs_debug (("%s: complete packet read\n", __func__)); + pkt->hdr_read_flag = 0; + memset (pkt->hdr, 0, sizeof(*pkt->hdr)); + + /* Checks done by rad_packet_ok: + - lenghts (FIXME: checks really ok for tcp?) + - invalid code field + - attribute lengths >= 2 + - attribute sizes adding up correctly */ + if (!rad_packet_ok (pkt->rpkt, 0) != 0) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, + "invalid packet: %s", fr_strerror ()); + } + + /* TODO: Verify that reception of an unsolicited response packet + results in connection being closed. */ + + /* If we have a request to match this response against, verify + and decode the response. */ + if (pkt->original) + { + /* Verify header and message authenticator. */ + if (rad_verify (pkt->rpkt, pkt->original->rpkt, + pkt->conn->active_peer->secret)) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, + "rad_verify: %s", fr_strerror ()); + } + + /* Decode and decrypt. */ + if (rad_decode (pkt->rpkt, pkt->original->rpkt, + pkt->conn->active_peer->secret)) + { + _close_conn (&pkt->conn); + return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, + "rad_decode: %s", fr_strerror ()); + } + } + +#if defined (DEBUG) + /* Find out what happens if there's data left in the buffer. 
*/ + { + size_t rest = 0; + rest = evbuffer_get_length (bufferevent_get_input (pkt->conn->bev)); + if (rest) + rs_debug (("%s: returning with %d octets left in buffer\n", __func__, + rest)); + } +#endif + + /* Hand over message to user, changes ownership of pkt. Don't + touch it afterwards -- it might have been freed. */ + if (pkt->conn->callbacks.received_cb) + pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data); + } + else if (n < 0) /* Buffer frozen. */ + rs_debug (("%s: buffer frozen when reading packet\n", __func__)); + else /* Short packet. */ + rs_debug (("%s: waiting for another %d octets\n", __func__, + pkt->rpkt->data_len - RS_HEADER_LEN - n)); + + return 0; +} + +/* Read callback for TCP. + + Read exactly one RADIUS message from BEV and store it in struct + rs_packet passed in CTX (hereby called 'pkt'). + + Verify the received packet against pkt->original, if !NULL. + + Inform upper layer about successful reception of valid RADIUS + message by invoking conn->callbacks.recevied_cb(), if !NULL. 
*/ +void +tcp_read_cb (struct bufferevent *bev, void *user_data) +{ + struct rs_packet *pkt = (struct rs_packet *) user_data; + + assert (pkt); + assert (pkt->conn); + assert (pkt->rpkt); + + pkt->rpkt->sockfd = pkt->conn->fd; + pkt->rpkt->vps = NULL; + + if (!pkt->hdr_read_flag) + if (_read_header (pkt)) + return; + _read_packet (pkt); +} + +void +tcp_event_cb (struct bufferevent *bev, short events, void *user_data) +{ + struct rs_packet *pkt = (struct rs_packet *) user_data; + struct rs_connection *conn = NULL; + struct rs_peer *p = NULL; + int sockerr = 0; +#if defined (RS_ENABLE_TLS) + unsigned long tlserr = 0; +#endif + + assert (pkt); + assert (pkt->conn); + assert (pkt->conn->active_peer); + conn = pkt->conn; + p = conn->active_peer; + + conn->is_connecting = 0; + if (events & BEV_EVENT_CONNECTED) + { + event_on_connect (conn, pkt); + } + else if (events & BEV_EVENT_EOF) + { + event_on_disconnect (conn); + } + else if (events & BEV_EVENT_TIMEOUT) + { + rs_debug (("%s: %p times out on %s\n", __func__, p, + (events & BEV_EVENT_READING) ? "read" : "write")); + rs_err_conn_push_fl (pkt->conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL); + } + else if (events & BEV_EVENT_ERROR) + { + sockerr = evutil_socket_geterror (conn->active_peer->fd); + if (sockerr == 0) /* FIXME: True that errno == 0 means closed? */ + { + event_on_disconnect (conn); + } + else + { + rs_debug (("%s: %d: %d (%s)\n", __func__, conn->fd, sockerr, + evutil_socket_error_to_string (sockerr))); + rs_err_conn_push_fl (pkt->conn, RSE_SOCKERR, __FILE__, __LINE__, + "%d: %d (%s)", conn->fd, sockerr, + evutil_socket_error_to_string (sockerr)); + } +#if defined (RS_ENABLE_TLS) + if (conn->tls_ssl) /* FIXME: correct check? 
*/ + { + for (tlserr = bufferevent_get_openssl_error (conn->bev); + tlserr; + tlserr = bufferevent_get_openssl_error (conn->bev)) + { + rs_debug (("%s: openssl error: %s\n", __func__, + ERR_error_string (tlserr, NULL))); + rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__, + ERR_error_string (tlserr, NULL)); + } + } +#endif /* RS_ENABLE_TLS */ + event_loopbreak (conn); + } + +#if defined (DEBUG) + if (events & BEV_EVENT_ERROR && events != BEV_EVENT_ERROR) + rs_debug (("%s: BEV_EVENT_ERROR and more: 0x%x\n", __func__, events)); +#endif +} + +void +tcp_write_cb (struct bufferevent *bev, void *ctx) +{ + struct rs_packet *pkt = (struct rs_packet *) ctx; + + assert (pkt); + assert (pkt->conn); + + if (pkt->conn->callbacks.sent_cb) + pkt->conn->callbacks.sent_cb (pkt->conn->user_data); +} + -- cgit v1.1 From f082f0d0617d12854a5fd0dc683d357144e36c5c Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Sun, 6 Mar 2011 17:08:41 +0100 Subject: Move event_set_timeout --> tcp_set_connect_timeout. --- lib/tcp.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'lib/tcp.c') diff --git a/lib/tcp.c b/lib/tcp.c index 2e641f6..acee94b 100644 --- a/lib/tcp.c +++ b/lib/tcp.c @@ -23,6 +23,24 @@ #include #endif +static void +_conn_timeout_cb (int fd, short event, void *data) +{ + struct rs_connection *conn; + + assert (data); + conn = (struct rs_connection *) data; + + if (event & EV_TIMEOUT) + { + rs_debug (("%s: connection timeout on %p (fd %d) connecting to %p\n", + __func__, conn, conn->fd, conn->active_peer)); + conn->is_connecting = 0; + rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL); + event_loopbreak (conn); + } +} + static int _close_conn (struct rs_connection **connp) { 
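Review bot: Every error path in `_read_header` and `_read_packet` calls `_close_conn (&pkt->conn)` and then hands `pkt->conn` to `rs_err_conn_push`/`rs_err_conn_push_fl`; `_close_conn` sets that pointer to NULL when `rs_conn_destroy` succeeds, so the error is pushed onto a NULL connection, and onto a possibly half-destroyed one when it fails. These paths are driven by what the peer sends (a length outside 20..4096, a packet `rad_packet_ok` rejects), so the error should be recorded before the connection is closed, or on an object that outlives it. The later hunks that rename the call to `conn_close` keep the same call order. In `tcp_event_cb` the OpenSSL text is passed as the format argument; `rs_err_conn_push_fl (pkt->conn, RSE_SSLERR, __FILE__, __LINE__, "%s", ERR_error_string (tlserr, NULL));` keeps a `%` in it from being interpreted. `n` is a `size_t` in both readers, so the `else if (n < 0)` buffer-frozen branches are never taken.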
@@ -274,3 +292,19 @@ tcp_write_cb (struct bufferevent *bev, void *ctx) pkt->conn->callbacks.sent_cb (pkt->conn->user_data); } +int +tcp_set_connect_timeout (struct rs_connection *conn) +{ + struct timeval tv; + + if (!conn->tev) + conn->tev = evtimer_new (conn->evb, _conn_timeout_cb, conn); + if (!conn->tev) + return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, + "evtimer_new"); + tv.tv_sec = conn->realm->timeout; + tv.tv_usec = 0; + evtimer_add (conn->tev, &tv); + + return RSE_OK; +} -- cgit v1.1 From cbcaa6a7c8f8a6704f6b4a68f260020957214a07 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 7 Mar 2011 15:23:40 +0100 Subject: Move verification of response packets up to a level where it makes sense. Replace the user_dispatch_flag on connections with conn_user_dispatch_p(). Remove the 'original' member from packet and instead have an upper layer verify. Rename packet valid_flag --> received_flag to reflect that we don't verify. Move _close_conn() --> conn_close(). Move packet flags into a single unsigned int, for portability. (_read_packet): Don't verify packet. (rs_conn_receive_packet): Don't touch PKT_OUT if there isn't a packet. (rs_conn_receive_packet): Verify packet using packet_verify_response(). --- lib/tcp.c | 69 ++++++++++++++------------------------------------------------- 1 file changed, 15 insertions(+), 54 deletions(-) (limited to 'lib/tcp.c') diff --git a/lib/tcp.c b/lib/tcp.c index acee94b..1801d62 100644 --- a/lib/tcp.c +++ b/lib/tcp.c @@ -16,6 +16,7 @@ #include #include "tcp.h" #include "packet.h" +#include "conn.h" #include "debug.h" #include "event.h" @@ -41,18 +42,6 @@ _conn_timeout_cb (int fd, short event, void *data) } } -static int -_close_conn (struct rs_connection **connp) -{ - int r; - assert (connp); - assert (*connp); - r = rs_conn_destroy (*connp); - if (!r) - *connp = NULL; - return r; -} - /* Read one RADIUS packet header. Return !0 on error. A return value of 0 means that we need more data. */ static int 
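Review bot: `tcp_set_connect_timeout` returns `RSE_OK` without looking at the result of `evtimer_add`, so a timer that could not be armed is reported as success and the connect attempt is left with no timeout. Check it and push an error as the `evtimer_new` failure above does, e.g. `if (evtimer_add (conn->tev, &tv) < 0) return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, "evtimer_add");`. The function also dereferences `conn` and `conn->realm` without the `assert` that the callbacks in this file use on their arguments. The rewrite in the later hunk `@@ -256,16 +256,11 @@` still ignores the `evtimer_add` result.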
@@ -63,11 +52,11 @@ _read_header (struct rs_packet *pkt) n = bufferevent_read (pkt->conn->bev, pkt->hdr, RS_HEADER_LEN); if (n == RS_HEADER_LEN) { - pkt->hdr_read_flag = 1; + pkt->flags |= rs_packet_hdr_read_flag; pkt->rpkt->data_len = (pkt->hdr[2] << 8) + pkt->hdr[3]; if (pkt->rpkt->data_len < 20 || pkt->rpkt->data_len > 4096) { - _close_conn (&pkt->conn); + conn_close (&pkt->conn); return rs_err_conn_push (pkt->conn, RSE_INVALID_PKT, "invalid packet length: %d", pkt->rpkt->data_len); @@ -75,7 +64,7 @@ _read_header (struct rs_packet *pkt) pkt->rpkt->data = rs_malloc (pkt->conn->ctx, pkt->rpkt->data_len); if (!pkt->rpkt->data) { - _close_conn (&pkt->conn); + conn_close (&pkt->conn); return rs_err_conn_push_fl (pkt->conn, RSE_NOMEM, __FILE__, __LINE__, NULL); } @@ -91,7 +80,7 @@ _read_header (struct rs_packet *pkt) } else /* Error: libevent gave us less than the low watermark. */ { - _close_conn (&pkt->conn); + conn_close (&pkt->conn); return rs_err_conn_push_fl (pkt->conn, RSE_INTERNAL, __FILE__, __LINE__, "got %d octets reading header", n); } @@ -117,7 +106,7 @@ _read_packet (struct rs_packet *pkt) { bufferevent_disable (pkt->conn->bev, EV_READ); rs_debug (("%s: complete packet read\n", __func__)); - pkt->hdr_read_flag = 0; + pkt->flags &= ~rs_packet_hdr_read_flag; memset (pkt->hdr, 0, sizeof(*pkt->hdr)); /* Checks done by rad_packet_ok: 
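Review bot: The `memset (pkt->hdr, 0, sizeof(*pkt->hdr))` directly under the changed flag line in `_read_packet` clears a single element of `hdr`, not the whole header. `hdr` is filled with `RS_HEADER_LEN` octets in `_read_header` and indexed per octet, so the rest of the previous header stays in the packet object. If the intent is to wipe the header before the next message, `memset (pkt->hdr, 0, RS_HEADER_LEN);` does that (or `sizeof pkt->hdr`, if `hdr` is declared as an array, which is not visible here). `_read_packet` starts and ends outside this hunk.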
@@ -125,39 +114,13 @@ _read_packet (struct rs_packet *pkt) - invalid code field - attribute lengths >= 2 - attribute sizes adding up correctly */ - if (!rad_packet_ok (pkt->rpkt, 0) != 0) + if (!rad_packet_ok (pkt->rpkt, 0)) { - _close_conn (&pkt->conn); + conn_close (&pkt->conn); return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, "invalid packet: %s", fr_strerror ()); } - /* TODO: Verify that reception of an unsolicited response packet - results in connection being closed. */ - - /* If we have a request to match this response against, verify - and decode the response. */ - if (pkt->original) - { - /* Verify header and message authenticator. */ - if (rad_verify (pkt->rpkt, pkt->original->rpkt, - pkt->conn->active_peer->secret)) - { - _close_conn (&pkt->conn); - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_verify: %s", fr_strerror ()); - } - - /* Decode and decrypt. */ - if (rad_decode (pkt->rpkt, pkt->original->rpkt, - pkt->conn->active_peer->secret)) - { - _close_conn (&pkt->conn); - return rs_err_conn_push_fl (pkt->conn, RSE_FR, __FILE__, __LINE__, - "rad_decode: %s", fr_strerror ()); - } - } - #if defined (DEBUG) /* Find out what happens if there's data left in the buffer. */ { @@ -169,8 +132,8 @@ _read_packet (struct rs_packet *pkt) } #endif - /* Hand over message to user, changes ownership of pkt. Don't - touch it afterwards -- it might have been freed. */ + /* Hand over message to user. This changes ownership of pkt. + Don't touch it afterwards -- it might have been freed. */ if (pkt->conn->callbacks.received_cb) pkt->conn->callbacks.received_cb (pkt, pkt->conn->user_data); } 
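Review bot: With the `rad_verify`/`rad_decode` block gone, `_read_packet` passes the packet to `callbacks.received_cb` after only the structural checks of `rad_packet_ok`, so the authenticator of a response has not been checked when the callback runs. The commit message says `rs_conn_receive_packet` now verifies through `packet_verify_response()`, but nothing visible here does the same for callers that install `received_cb`. State that at the hand-over, for example `/* pkt has NOT been verified against its request; the callback must do that (packet_verify_response()) before trusting any attribute. */` in the comment reworded by the next hunk, and in the `tcp_read_cb` header comment as well. The removed TODO about unsolicited responses closing the connection is dropped rather than moved; it is worth keeping wherever the verification now lives.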
@@ -183,14 +146,12 @@ _read_packet (struct rs_packet *pkt) return 0; } -/* Read callback for TCP. +/* The read callback for TCP. Read exactly one RADIUS message from BEV and store it in struct - rs_packet passed in CTX (hereby called 'pkt'). - - Verify the received packet against pkt->original, if !NULL. + rs_packet passed in USER_DATA. - Inform upper layer about successful reception of valid RADIUS + Inform upper layer about successful reception of received RADIUS message by invoking conn->callbacks.recevied_cb(), if !NULL. */ void tcp_read_cb (struct bufferevent *bev, void *user_data) @@ -204,9 +165,9 @@ tcp_read_cb (struct bufferevent *bev, void *user_data) pkt->rpkt->sockfd = pkt->conn->fd; pkt->rpkt->vps = NULL; - if (!pkt->hdr_read_flag) + if ((pkt->flags & rs_packet_hdr_read_flag) == 0) if (_read_header (pkt)) - return; + return; /* Error. */ _read_packet (pkt); } -- cgit v1.1 From d464ebb9235fe78e6588e95d4d3333d5ee95ca48 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Tue, 8 Mar 2011 13:37:46 +0100 Subject: Timeout implemented in request objects, supported by TCP. TODO: UDP. --- lib/tcp.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'lib/tcp.c') diff --git a/lib/tcp.c b/lib/tcp.c index 1801d62..c315143 100644 --- a/lib/tcp.c +++ b/lib/tcp.c @@ -37,7 +37,7 @@ _conn_timeout_cb (int fd, short event, void *data) rs_debug (("%s: connection timeout on %p (fd %d) connecting to %p\n", __func__, conn, conn->fd, conn->active_peer)); conn->is_connecting = 0; - rs_err_conn_push_fl (conn, RSE_TIMEOUT_IO, __FILE__, __LINE__, NULL); + rs_err_conn_push_fl (conn, RSE_TIMEOUT_CONN, __FILE__, __LINE__, NULL); event_loopbreak (conn); } } 
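Review bot: `tcp_read_cb` still calls `_read_packet` immediately after `_read_header` succeeds, without checking that the body is already buffered, so the body read can return fewer octets than `data_len - RS_HEADER_LEN`. `_read_packet` only logs "waiting for another %d octets" in that case and keeps no offset, so the next callback writes again from `pkt->rpkt->data + RS_HEADER_LEN` and the octets already drained are lost. That leaves the stream misframed for any message that arrives in more than one segment. Returning until the body is buffered avoids it: `if (evbuffer_get_length (bufferevent_get_input (bev)) < pkt->rpkt->data_len - RS_HEADER_LEN) return;` before `_read_packet (pkt);`.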
@@ -256,16 +256,11 @@ tcp_write_cb (struct bufferevent *bev, void *ctx) int tcp_set_connect_timeout (struct rs_connection *conn) { - struct timeval tv; - if (!conn->tev) conn->tev = evtimer_new (conn->evb, _conn_timeout_cb, conn); if (!conn->tev) return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, "evtimer_new"); - tv.tv_sec = conn->realm->timeout; - tv.tv_usec = 0; - evtimer_add (conn->tev, &tv); - + evtimer_add (conn->tev, &conn->timeout); return RSE_OK; } -- cgit v1.1 From c4e2bd206bb9248843a8a4d9a945c5e49a188474 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 9 Mar 2011 10:16:27 +0100 Subject: Add RSE_DISCO. --- lib/tcp.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/tcp.c') diff --git a/lib/tcp.c b/lib/tcp.c index c315143..063e9b2 100644 --- a/lib/tcp.c +++ b/lib/tcp.c @@ -209,6 +209,7 @@ tcp_event_cb (struct bufferevent *bev, short events, void *user_data) if (sockerr == 0) /* FIXME: True that errno == 0 means closed? */ { event_on_disconnect (conn); + rs_err_conn_push_fl (pkt->conn, RSE_DISCO, __FILE__, __LINE__, NULL); } else { -- cgit v1.1 From ce4d6dfe1728e5633a8f49fc4b16c36df0d23521 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Wed, 9 Mar 2011 10:18:06 +0100 Subject: Add retransmission timer support (UDP). --- lib/tcp.c | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) (limited to 'lib/tcp.c') diff --git a/lib/tcp.c b/lib/tcp.c index 063e9b2..ce071cd 100644 --- a/lib/tcp.c +++ b/lib/tcp.c 
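Review bot: `RSE_DISCO` is pushed only on the `BEV_EVENT_ERROR` path where `sockerr == 0`; the `BEV_EVENT_EOF` branch of `tcp_event_cb`, which also ends in `event_on_disconnect (conn)`, still records nothing. An orderly close by the peer and an error-flagged close are therefore reported differently to the caller. If both mean "peer disconnected", add the same `rs_err_conn_push_fl (pkt->conn, RSE_DISCO, __FILE__, __LINE__, NULL);` there. The push uses `pkt->conn` after `event_on_disconnect` has run; whether the connection is still valid at that point is not visible in this hunk and should be confirmed, or the push moved before the call.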
@@ -24,24 +24,6 @@ #include #endif -static void -_conn_timeout_cb (int fd, short event, void *data) -{ - struct rs_connection *conn; - - assert (data); - conn = (struct rs_connection *) data; - - if (event & EV_TIMEOUT) - { - rs_debug (("%s: connection timeout on %p (fd %d) connecting to %p\n", - __func__, conn, conn->fd, conn->active_peer)); - conn->is_connecting = 0; - rs_err_conn_push_fl (conn, RSE_TIMEOUT_CONN, __FILE__, __LINE__, NULL); - event_loopbreak (conn); - } -} - /* Read one RADIUS packet header. Return !0 on error. A return value of 0 means that we need more data. */ static int @@ -191,6 +173,8 @@ tcp_event_cb (struct bufferevent *bev, short events, void *user_data) conn->is_connecting = 0; if (events & BEV_EVENT_CONNECTED) { + if (conn->tev) + evtimer_del (conn->tev); /* Cancel connect timer. */ event_on_connect (conn, pkt); } else if (events & BEV_EVENT_EOF) @@ -255,13 +239,16 @@ tcp_write_cb (struct bufferevent *bev, void *ctx) } int -tcp_set_connect_timeout (struct rs_connection *conn) +tcp_init_connect_timer (struct rs_connection *conn) { - if (!conn->tev) - conn->tev = evtimer_new (conn->evb, _conn_timeout_cb, conn); + assert (conn); + + if (conn->tev) + event_free (conn->tev); + conn->tev = evtimer_new (conn->evb, event_conn_timeout_cb, conn); if (!conn->tev) return rs_err_conn_push_fl (conn, RSE_EVENT, __FILE__, __LINE__, "evtimer_new"); - evtimer_add (conn->tev, &conn->timeout); + return RSE_OK; } -- cgit v1.1
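Review bot: The connect timer is cancelled only in the `BEV_EVENT_CONNECTED` branch of `tcp_event_cb`; when a connect attempt ends in `BEV_EVENT_EOF`, `BEV_EVENT_TIMEOUT` or `BEV_EVENT_ERROR`, `conn->tev` appears to stay pending. Unless `event_on_disconnect` removes it (not visible here), the timer can fire afterwards and run the timeout callback on a connection that has already reported a different error. Moving `if (conn->tev) evtimer_del (conn->tev);` next to `conn->is_connecting = 0;` covers every outcome.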
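Review bot: After this change `tcp_init_connect_timer` creates the timer but no longer arms it, since the `evtimer_add` call is removed, and nothing in the hunk says who does. A header comment would make the contract explicit, for example `/* Create (or re-create) the connect timer for CONN; the caller must arm it with evtimer_add(). Returns RSE_OK, or pushes RSE_EVENT on failure. */`.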