[tls] Use intf_insert() to add TLS to an interface
Restructure the use of add_tls() to insert a TLS filter onto an existing interface. This allows for the possibility of using add_tls() to start TLS on an existing connection (as used in several protocols which will negotiate the choice to use TLS before the ClientHello is sent). Signed-off-by: Michael Brown <mcb30@ipxe.org>pull/181/head
parent
09fe2bbd34
commit
2b6b02ee7e
|
@ -45,11 +45,9 @@ struct http_scheme {
|
|||
*
|
||||
* @v xfer Data transfer interface
|
||||
* @v name Host name
|
||||
* @v next Next interface
|
||||
* @ret rc Return status code
|
||||
*/
|
||||
int ( * filter ) ( struct interface *xfer, const char *name,
|
||||
struct interface **next );
|
||||
int ( * filter ) ( struct interface *xfer, const char *name );
|
||||
};
|
||||
|
||||
/** HTTP scheme table */
|
||||
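Review bot: The filter callback's documentation no longer says when the filter is invoked or what it is expected to do, now that the `@v next` parameter is gone; elsewhere in this commit http_connect() calls `scheme->filter()` only after xfer_open_named_socket() has succeeded, so the callback is now expected to splice itself onto an already-opened socket interface rather than hand back a next interface. That contract is worth stating in the docblock, e.g. ` * The filter is invoked after the socket has been opened and must` / ` * insert itself onto the interface (see add_tls()).`. Without it, a future scheme filter written to the old "return the next interface" model would compile but attach nothing.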
|
|
|
@ -378,7 +378,6 @@ struct tls_connection {
|
|||
/** RX I/O buffer alignment */
|
||||
#define TLS_RX_ALIGN 16
|
||||
|
||||
extern int add_tls ( struct interface *xfer, const char *name,
|
||||
struct interface **next );
|
||||
extern int add_tls ( struct interface *xfer, const char *name );
|
||||
|
||||
#endif /* _IPXE_TLS_H */
|
||||
|
|
|
@ -236,7 +236,6 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
|
|||
struct http_connection *conn;
|
||||
struct http_scheme *scheme;
|
||||
struct sockaddr_tcpip server;
|
||||
struct interface *socket;
|
||||
unsigned int port;
|
||||
int rc;
|
||||
|
||||
|
@ -296,15 +295,16 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
|
|||
/* Open socket */
|
||||
memset ( &server, 0, sizeof ( server ) );
|
||||
server.st_port = htons ( port );
|
||||
socket = &conn->socket;
|
||||
if ( scheme->filter &&
|
||||
( ( rc = scheme->filter ( socket, uri->host, &socket ) ) != 0 ) )
|
||||
goto err_filter;
|
||||
if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
|
||||
if ( ( rc = xfer_open_named_socket ( &conn->socket, SOCK_STREAM,
|
||||
( struct sockaddr * ) &server,
|
||||
uri->host, NULL ) ) != 0 )
|
||||
goto err_open;
|
||||
|
||||
/* Add filter, if any */
|
||||
if ( scheme->filter &&
|
||||
( ( rc = scheme->filter ( &conn->socket, uri->host ) ) != 0 ) )
|
||||
goto err_filter;
|
||||
|
||||
/* Attach to parent interface, mortalise self, and return */
|
||||
intf_plug_plug ( &conn->xfer, xfer );
|
||||
ref_put ( &conn->refcnt );
|
||||
|
@ -313,8 +313,8 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
|
|||
conn->scheme->name, conn->uri->host, port );
|
||||
return 0;
|
||||
|
||||
err_open:
|
||||
err_filter:
|
||||
err_open:
|
||||
DBGC2 ( conn, "HTTPCONN %p could not create %s://%s:%d: %s\n", conn,
|
||||
conn->scheme->name, conn->uri->host, port, strerror ( rc ) );
|
||||
http_conn_close ( conn, rc );
|
||||
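Review bot: The reordering opens the plaintext socket (`xfer_open_named_socket ( &conn->socket, ...`) before the TLS filter is spliced in (`scheme->filter ( &conn->socket, uri->host )`), so correctness depends on nothing being delivered through conn->socket synchronously during the open; any data or window notification arriving before the filter is inserted would bypass TLS. In iPXE's single-threaded model this is presumably safe because the insertion happens in the same call before any process step can run, but that assumption is load-bearing and should be recorded at the "Add filter" step, e.g. `/* Inserted synchronously: nothing can flow on the socket until a later process step */`. On filter failure the already-opened socket is torn down via err_filter -> http_conn_close(), which looks correct. The body of http_connect() starts before this hunk.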
|
|
|
@ -62,9 +62,10 @@ static struct sockaddr_tcpip logserver = {
|
|||
* @v intf Interface
|
||||
* @v rc Reason for close
|
||||
*/
|
||||
static void syslogs_close ( struct interface *intf __unused, int rc ) {
|
||||
static void syslogs_close ( struct interface *intf, int rc ) {
|
||||
|
||||
DBG ( "SYSLOGS console disconnected: %s\n", strerror ( rc ) );
|
||||
intf_restart ( intf, rc );
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -208,7 +209,6 @@ const struct setting syslogs_setting __setting ( SETTING_MISC, syslogs ) = {
|
|||
static int apply_syslogs_settings ( void ) {
|
||||
static char *old_server;
|
||||
char *server;
|
||||
struct interface *socket;
|
||||
int rc;
|
||||
|
||||
/* Fetch log server */
|
||||
|
@ -234,33 +234,32 @@ static int apply_syslogs_settings ( void ) {
|
|||
rc = 0;
|
||||
goto out_no_server;
|
||||
}
|
||||
|
||||
/* Add TLS filter */
|
||||
if ( ( rc = add_tls ( &syslogs, server, &socket ) ) != 0 ) {
|
||||
DBG ( "SYSLOGS cannot create TLS filter: %s\n",
|
||||
strerror ( rc ) );
|
||||
goto err_add_tls;
|
||||
}
|
||||
DBG ( "SYSLOGS using log server %s\n", server );
|
||||
|
||||
/* Connect to log server */
|
||||
if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
|
||||
if ( ( rc = xfer_open_named_socket ( &syslogs, SOCK_STREAM,
|
||||
(( struct sockaddr *) &logserver ),
|
||||
server, NULL ) ) != 0 ) {
|
||||
DBG ( "SYSLOGS cannot connect to log server: %s\n",
|
||||
strerror ( rc ) );
|
||||
goto err_open_named_socket;
|
||||
}
|
||||
DBG ( "SYSLOGS using log server %s\n", server );
|
||||
|
||||
/* Add TLS filter */
|
||||
if ( ( rc = add_tls ( &syslogs, server ) ) != 0 ) {
|
||||
DBG ( "SYSLOGS cannot create TLS filter: %s\n",
|
||||
strerror ( rc ) );
|
||||
goto err_add_tls;
|
||||
}
|
||||
|
||||
/* Record log server */
|
||||
old_server = server;
|
||||
server = NULL;
|
||||
|
||||
/* Success */
|
||||
rc = 0;
|
||||
return 0;
|
||||
|
||||
err_open_named_socket:
|
||||
err_add_tls:
|
||||
err_open_named_socket:
|
||||
syslogs_close ( &syslogs, rc );
|
||||
out_no_server:
|
||||
out_no_change:
|
||||
free ( server );
|
||||
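Review bot: `DBG ( "SYSLOGS using log server %s\n", server );` now runs after the connect but before add_tls() is attempted, so a TLS filter failure logs that the server is in use and then immediately "cannot create TLS filter"; moving that line below the add_tls() block (as the old ordering effectively did, logging only once both steps had succeeded) keeps the debug output accurate. On that failure path the plaintext connection is already open, and it is syslogs_close() -> intf_restart() that tears it down before any log output could be sent unencrypted, which is the right behaviour but depends on intf_restart() closing the interface; a one-line comment at `err_add_tls:` noting that the open socket must be closed here would make the intent explicit. The enclosing apply_syslogs_settings() starts before this hunk and ends after it.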
|
|
|
@ -3088,8 +3088,14 @@ static int tls_session ( struct tls_connection *tls, const char *name ) {
|
|||
******************************************************************************
|
||||
*/
|
||||
|
||||
int add_tls ( struct interface *xfer, const char *name,
|
||||
struct interface **next ) {
|
||||
/**
|
||||
* Add TLS on an interface
|
||||
*
|
||||
* @v xfer Data transfer interface
|
||||
* @v name Host name
|
||||
* @ret rc Return status code
|
||||
*/
|
||||
int add_tls ( struct interface *xfer, const char *name ) {
|
||||
struct tls_connection *tls;
|
||||
int rc;
|
||||
|
||||
|
@ -3133,8 +3139,7 @@ int add_tls ( struct interface *xfer, const char *name,
|
|||
tls_restart ( tls );
|
||||
|
||||
/* Attach to parent interface, mortalise self, and return */
|
||||
intf_plug_plug ( &tls->plainstream, xfer );
|
||||
*next = &tls->cipherstream;
|
||||
intf_insert ( xfer, &tls->plainstream, &tls->cipherstream );
|
||||
ref_put ( &tls->refcnt );
|
||||
return 0;
|
||||
|
||||
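Review bot: The new docblock for add_tls() omits the precondition that intf_insert() imposes: `xfer` should already be plugged into its transport when add_tls() is called, since `intf_insert ( xfer, &tls->plainstream, &tls->cipherstream )` splices the cipherstream onto whatever peer `xfer` currently has; both callers in this commit now open the socket first, but a caller that does not would presumably leave the cipherstream attached to nothing. The `name` parameter also deserves more than "Host name", since it is what tls_session() receives and is therefore, if that function validates the server certificate against it, security-relevant. Suggested lines: ` * @v xfer Data transfer interface (must already be plugged into its transport)` and ` * @v name Server host name, as passed to tls_session()`. The body of add_tls() continues outside this hunk.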
|
|