[tls] Use intf_insert() to add TLS to an interface
Restructure the use of add_tls() to insert a TLS filter onto an existing interface. This allows for the possibility of using add_tls() to start TLS on an existing connection (as used in several protocols which will negotiate the choice to use TLS before the ClientHello is sent). Signed-off-by: Michael Brown <mcb30@ipxe.org>pull/181/head
parent
09fe2bbd34
commit
2b6b02ee7e
|
@ -45,11 +45,9 @@ struct http_scheme {
|
||||||
*
|
*
|
||||||
* @v xfer Data transfer interface
|
* @v xfer Data transfer interface
|
||||||
* @v name Host name
|
* @v name Host name
|
||||||
* @v next Next interface
|
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
int ( * filter ) ( struct interface *xfer, const char *name,
|
int ( * filter ) ( struct interface *xfer, const char *name );
|
||||||
struct interface **next );
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/** HTTP scheme table */
|
/** HTTP scheme table */
|
||||||
|
|
|
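Review bot: The `filter` callback's contract changed but its documentation did not: `http_connect()` now calls `scheme->filter ( &conn->socket, uri->host )` only after `xfer_open_named_socket()` has succeeded, so `xfer` is an already-opened interface and the filter is inserted between it and its existing peer rather than attached to a fresh one. Suggest rewording the parameter line to `* @v xfer Data transfer interface (already opened; the filter is inserted between it and its peer)` so implementers know they must use an insert-style attach and that the window before insertion is unfiltered. `struct http_scheme` starts before this hunk.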
@ -378,7 +378,6 @@ struct tls_connection {
|
||||||
/** RX I/O buffer alignment */
|
/** RX I/O buffer alignment */
|
||||||
#define TLS_RX_ALIGN 16
|
#define TLS_RX_ALIGN 16
|
||||||
|
|
||||||
extern int add_tls ( struct interface *xfer, const char *name,
|
extern int add_tls ( struct interface *xfer, const char *name );
|
||||||
struct interface **next );
|
|
||||||
|
|
||||||
#endif /* _IPXE_TLS_H */
|
#endif /* _IPXE_TLS_H */
|
||||||
|
|
|
@ -236,7 +236,6 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
|
||||||
struct http_connection *conn;
|
struct http_connection *conn;
|
||||||
struct http_scheme *scheme;
|
struct http_scheme *scheme;
|
||||||
struct sockaddr_tcpip server;
|
struct sockaddr_tcpip server;
|
||||||
struct interface *socket;
|
|
||||||
unsigned int port;
|
unsigned int port;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
@ -296,15 +295,16 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
|
||||||
/* Open socket */
|
/* Open socket */
|
||||||
memset ( &server, 0, sizeof ( server ) );
|
memset ( &server, 0, sizeof ( server ) );
|
||||||
server.st_port = htons ( port );
|
server.st_port = htons ( port );
|
||||||
socket = &conn->socket;
|
if ( ( rc = xfer_open_named_socket ( &conn->socket, SOCK_STREAM,
|
||||||
if ( scheme->filter &&
|
|
||||||
( ( rc = scheme->filter ( socket, uri->host, &socket ) ) != 0 ) )
|
|
||||||
goto err_filter;
|
|
||||||
if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
|
|
||||||
( struct sockaddr * ) &server,
|
( struct sockaddr * ) &server,
|
||||||
uri->host, NULL ) ) != 0 )
|
uri->host, NULL ) ) != 0 )
|
||||||
goto err_open;
|
goto err_open;
|
||||||
|
|
||||||
|
/* Add filter, if any */
|
||||||
|
if ( scheme->filter &&
|
||||||
|
( ( rc = scheme->filter ( &conn->socket, uri->host ) ) != 0 ) )
|
||||||
|
goto err_filter;
|
||||||
|
|
||||||
/* Attach to parent interface, mortalise self, and return */
|
/* Attach to parent interface, mortalise self, and return */
|
||||||
intf_plug_plug ( &conn->xfer, xfer );
|
intf_plug_plug ( &conn->xfer, xfer );
|
||||||
ref_put ( &conn->refcnt );
|
ref_put ( &conn->refcnt );
|
||||||
|
@ -313,8 +313,8 @@ int http_connect ( struct interface *xfer, struct uri *uri ) {
|
||||||
conn->scheme->name, conn->uri->host, port );
|
conn->scheme->name, conn->uri->host, port );
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err_open:
|
|
||||||
err_filter:
|
err_filter:
|
||||||
|
err_open:
|
||||||
DBGC2 ( conn, "HTTPCONN %p could not create %s://%s:%d: %s\n", conn,
|
DBGC2 ( conn, "HTTPCONN %p could not create %s://%s:%d: %s\n", conn,
|
||||||
conn->scheme->name, conn->uri->host, port, strerror ( rc ) );
|
conn->scheme->name, conn->uri->host, port, strerror ( rc ) );
|
||||||
http_conn_close ( conn, rc );
|
http_conn_close ( conn, rc );
|
||||||
|
|
|
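Review bot: Between the successful `xfer_open_named_socket()` and the `scheme->filter()` call, `conn->socket` is plugged directly into the transport socket, so anything delivered to it in that window would bypass the TLS filter and leave in clear text; nothing in the hunk delivers there, but the invariant is worth recording in the new comment, e.g. `/* Add filter, if any (must run before anything is delivered to the socket) */`. On the `err_filter` path the socket open has already been initiated, so teardown now relies on `http_conn_close()` shutting `conn->socket` — presumably it does, but it is worth confirming since the old ordering never reached the open when the filter failed. `http_connect()` begins before the first hunk and its body continues after the last one.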
@ -62,9 +62,10 @@ static struct sockaddr_tcpip logserver = {
|
||||||
* @v intf Interface
|
* @v intf Interface
|
||||||
* @v rc Reason for close
|
* @v rc Reason for close
|
||||||
*/
|
*/
|
||||||
static void syslogs_close ( struct interface *intf __unused, int rc ) {
|
static void syslogs_close ( struct interface *intf, int rc ) {
|
||||||
|
|
||||||
DBG ( "SYSLOGS console disconnected: %s\n", strerror ( rc ) );
|
DBG ( "SYSLOGS console disconnected: %s\n", strerror ( rc ) );
|
||||||
|
intf_restart ( intf, rc );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -208,7 +209,6 @@ const struct setting syslogs_setting __setting ( SETTING_MISC, syslogs ) = {
|
||||||
static int apply_syslogs_settings ( void ) {
|
static int apply_syslogs_settings ( void ) {
|
||||||
static char *old_server;
|
static char *old_server;
|
||||||
char *server;
|
char *server;
|
||||||
struct interface *socket;
|
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
/* Fetch log server */
|
/* Fetch log server */
|
||||||
|
@ -234,33 +234,32 @@ static int apply_syslogs_settings ( void ) {
|
||||||
rc = 0;
|
rc = 0;
|
||||||
goto out_no_server;
|
goto out_no_server;
|
||||||
}
|
}
|
||||||
|
DBG ( "SYSLOGS using log server %s\n", server );
|
||||||
/* Add TLS filter */
|
|
||||||
if ( ( rc = add_tls ( &syslogs, server, &socket ) ) != 0 ) {
|
|
||||||
DBG ( "SYSLOGS cannot create TLS filter: %s\n",
|
|
||||||
strerror ( rc ) );
|
|
||||||
goto err_add_tls;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Connect to log server */
|
/* Connect to log server */
|
||||||
if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
|
if ( ( rc = xfer_open_named_socket ( &syslogs, SOCK_STREAM,
|
||||||
(( struct sockaddr *) &logserver ),
|
(( struct sockaddr *) &logserver ),
|
||||||
server, NULL ) ) != 0 ) {
|
server, NULL ) ) != 0 ) {
|
||||||
DBG ( "SYSLOGS cannot connect to log server: %s\n",
|
DBG ( "SYSLOGS cannot connect to log server: %s\n",
|
||||||
strerror ( rc ) );
|
strerror ( rc ) );
|
||||||
goto err_open_named_socket;
|
goto err_open_named_socket;
|
||||||
}
|
}
|
||||||
DBG ( "SYSLOGS using log server %s\n", server );
|
|
||||||
|
/* Add TLS filter */
|
||||||
|
if ( ( rc = add_tls ( &syslogs, server ) ) != 0 ) {
|
||||||
|
DBG ( "SYSLOGS cannot create TLS filter: %s\n",
|
||||||
|
strerror ( rc ) );
|
||||||
|
goto err_add_tls;
|
||||||
|
}
|
||||||
|
|
||||||
/* Record log server */
|
/* Record log server */
|
||||||
old_server = server;
|
old_server = server;
|
||||||
server = NULL;
|
|
||||||
|
|
||||||
/* Success */
|
return 0;
|
||||||
rc = 0;
|
|
||||||
|
|
||||||
err_open_named_socket:
|
|
||||||
err_add_tls:
|
err_add_tls:
|
||||||
|
err_open_named_socket:
|
||||||
|
syslogs_close ( &syslogs, rc );
|
||||||
out_no_server:
|
out_no_server:
|
||||||
out_no_change:
|
out_no_change:
|
||||||
free ( server );
|
free ( server );
|
||||||
|
|
|
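Review bot: After `xfer_open_named_socket ( &syslogs, ... )` succeeds and before `add_tls ( &syslogs, server )` returns, the `syslogs` interface is plugged straight into the TCP socket, so if the syslog console's output path delivers into `syslogs` (not visible here), any console output emitted in that window would be queued on the connection ahead of the TLS handshake and sent in clear text. The hunk emits nothing there — moving the `DBG ( "SYSLOGS using log server %s\n", server )` ahead of the connect is the right side of that window — so suggest pinning the invariant with `/* Add TLS filter (nothing may be delivered to syslogs before this) */` in place of the bare `/* Add TLS filter */`. On failure `syslogs_close()` now restarts the interface while `old_server` is left unchanged, so a later settings apply retries the same server; a one-line comment at `err_add_tls:` saying so would save the next reader a trip. `apply_syslogs_settings()` begins before the hunk and its body continues past it.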
@ -3088,8 +3088,14 @@ static int tls_session ( struct tls_connection *tls, const char *name ) {
|
||||||
******************************************************************************
|
******************************************************************************
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int add_tls ( struct interface *xfer, const char *name,
|
/**
|
||||||
struct interface **next ) {
|
* Add TLS on an interface
|
||||||
|
*
|
||||||
|
* @v xfer Data transfer interface
|
||||||
|
* @v name Host name
|
||||||
|
* @ret rc Return status code
|
||||||
|
*/
|
||||||
|
int add_tls ( struct interface *xfer, const char *name ) {
|
||||||
struct tls_connection *tls;
|
struct tls_connection *tls;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
@ -3133,8 +3139,7 @@ int add_tls ( struct interface *xfer, const char *name,
|
||||||
tls_restart ( tls );
|
tls_restart ( tls );
|
||||||
|
|
||||||
/* Attach to parent interface, mortalise self, and return */
|
/* Attach to parent interface, mortalise self, and return */
|
||||||
intf_plug_plug ( &tls->plainstream, xfer );
|
intf_insert ( xfer, &tls->plainstream, &tls->cipherstream );
|
||||||
*next = &tls->cipherstream;
|
|
||||||
ref_put ( &tls->refcnt );
|
ref_put ( &tls->refcnt );
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
|
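Review bot: The new docblock for `add_tls()` omits the property this commit introduces: `xfer` may already be connected, and anything delivered to it before `intf_insert()` runs goes to the old peer without passing through the cipher layer. Suggest adding `* The interface may already be connected; nothing must have been sent on it in clear text before this call.` to the docblock, and replacing the now-misleading `/* Attach to parent interface, mortalise self, and return */` with `/* Insert between the interface and its existing peer, mortalise self, and return */`. `tls_restart ( tls )` still runs before `intf_insert()`, so if it transmits synchronously the ClientHello would go to an unplugged `cipherstream`; presumably it only schedules the TX process, but that ordering deserves a comment or confirmation. `add_tls()` begins inside the first hunk and its body continues outside the shown hunks.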