diff --git a/kronosnetd/Makefile.am b/kronosnetd/Makefile.am index 6fed5491..4e630bf2 100644 --- a/kronosnetd/Makefile.am +++ b/kronosnetd/Makefile.am @@ -1,35 +1,35 @@ MAINTAINERCLEANFILES = Makefile.in noinst_HEADERS = \ cfg.h \ logging.h \ netutils.h \ vty.h \ vty_auth.h \ vty_cli.h \ vty_cli_cmds.h \ vty_utils.h sbin_PROGRAMS = kronosnetd kronosnetd_SOURCES = \ cfg.c \ main.c \ logging.c \ netutils.c \ vty.c \ vty_auth.c \ vty_cli.c \ vty_cli_cmds.c \ vty_utils.c kronosnetd_CPPFLAGS = \ -I$(top_srcdir)/libtap \ -I$(top_srcdir)/libknet kronosnetd_CFLAGS = $(LIBQB_CFLAGS) kronosnetd_LDADD = \ - $(top_builddir)/libknet/libknet.a \ + $(top_builddir)/libknet/libknet.la \ $(top_builddir)/libtap/libtap.la \ $(LIBQB_LIBS) diff --git a/kronosnetd/vty_cli_cmds.c b/kronosnetd/vty_cli_cmds.c index 0cf10e1d..ca0b26e6 100644 --- a/kronosnetd/vty_cli_cmds.c +++ b/kronosnetd/vty_cli_cmds.c @@ -1,1554 +1,1556 @@ #include "config.h" #include #include #include #include #include #include #include #include "cfg.h" #include "logging.h" #include "libtap.h" #include "netutils.h" #include "vty.h" #include "vty_cli.h" #include "vty_cli_cmds.h" #include "vty_utils.h" #define KNET_VTY_MAX_MATCHES 64 #define KNET_VTY_MATCH_HELP 0 #define KNET_VTY_MATCH_EXEC 1 #define KNET_VTY_MATCH_EXPAND 2 #define CMDS_PARAM_NOMORE 0 #define CMDS_PARAM_KNET 1 #define CMDS_PARAM_IP 2 #define CMDS_PARAM_IP_PREFIX 3 #define CMDS_PARAM_IP_PORT 4 #define CMDS_PARAM_BOOL 5 #define CMDS_PARAM_INT 6 #define CMDS_PARAM_NODEID 7 #define CMDS_PARAM_NAME 8 #define CMDS_PARAM_MTU 9 /* * CLI helper functions - menu/node stuff starts below */ /* * return 0 if we find a command in vty->line and cmd/len/no are set * return -1 if we cannot find a command. no can be trusted. cmd/len would be empty */ static int get_command(struct knet_vty *vty, char **cmd, int *cmdlen, int *cmdoffset, int *no) { int start = 0, idx; for (idx = 0; idx < vty->line_idx; idx++) { if (vty->line[idx] != ' ') break; } if (!strncmp(&vty->line[idx], "no ", 3)) { *no = 1; idx = idx + 3; for (idx = idx; idx < vty->line_idx; idx++) { if (vty->line[idx] != ' ') break; } } else { *no = 0; } start = idx; if (start == vty->line_idx) return -1; *cmd = &vty->line[start]; *cmdoffset = start; for (idx = start; idx < vty->line_idx; idx++) { if (vty->line[idx] == ' ') break; } *cmdlen = idx - start; return 0; } /* * still not sure why I need to count backwards... */ static void get_n_word_from_end(struct knet_vty *vty, int n, char **word, int *wlen, int *woffset) { int widx; int idx, end, start; start = end = vty->line_idx; for (widx = 0; widx < n; widx++) { for (idx = start - 1; idx > 0; idx--) { if (vty->line[idx] != ' ') break; } end = idx; for (idx = end; idx > 0; idx--) { if (vty->line[idx-1] == ' ') break; } start = idx; } *wlen = (end - start) + 1; *word = &vty->line[start]; *woffset = start; } static int expected_params(const vty_param_t *params) { int idx = 0; while(params[idx].param != CMDS_PARAM_NOMORE) idx++; return idx; } static int count_words(struct knet_vty *vty, int offset) { int idx, widx = 0; int status = 0; for (idx = offset; idx < vty->line_idx; idx++) { if (vty->line[idx] == ' ') { status = 0; continue; } if ((vty->line[idx] != ' ') && (!status)) { widx++; status = 1; continue; } } return widx; } static int param_to_int(const char *param, int paramlen) { char buf[KNET_VTY_MAX_LINE]; memset(buf, 0, sizeof(buf)); memcpy(buf, param, paramlen); return atoi(buf); } static int param_to_str(char *buf, int bufsize, const char *param, int paramlen) { if (bufsize < paramlen) return -1; memset(buf, 0, bufsize); memcpy(buf, param, paramlen); return paramlen; } static const vty_node_cmds_t *get_cmds(struct knet_vty *vty, char **cmd, int *cmdlen, int *cmdoffset) { int no; const vty_node_cmds_t *cmds = knet_vty_nodes[vty->node].cmds; get_command(vty, cmd, cmdlen, cmdoffset, &no); if (no) cmds = knet_vty_nodes[vty->node].no_cmds; return cmds; } static int check_param(struct knet_vty *vty, const int paramtype, char *param, int paramlen) { int err = 0; char buf[KNET_VTY_MAX_LINE]; int tmp; memset(buf, 0, sizeof(buf)); switch(paramtype) { case CMDS_PARAM_NOMORE: break; case CMDS_PARAM_KNET: if (paramlen >= IFNAMSIZ) { knet_vty_write(vty, "interface name too long%s", telnet_newline); err = -1; } break; case CMDS_PARAM_IP: break; case CMDS_PARAM_IP_PREFIX: break; case CMDS_PARAM_IP_PORT: tmp = param_to_int(param, paramlen); if ((tmp < 0) || (tmp > 65279)) { knet_vty_write(vty, "port number must be a value between 0 and 65279%s", telnet_newline); err = -1; } break; case CMDS_PARAM_BOOL: break; case CMDS_PARAM_INT: break; case CMDS_PARAM_NODEID: tmp = param_to_int(param, paramlen); if ((tmp < 0) || (tmp > 255)) { knet_vty_write(vty, "node id must be a value between 0 and 255%s", telnet_newline); err = -1; } break; case CMDS_PARAM_NAME: if (paramlen >= KNET_MAX_HOST_LEN) { knet_vty_write(vty, "name cannot exceed %d char in len%s", KNET_MAX_HOST_LEN - 1, telnet_newline); } break; case CMDS_PARAM_MTU: tmp = param_to_int(param, paramlen); if ((tmp < 576) || (tmp > 65536)) { knet_vty_write(vty, "mtu should be a value between 576 and 65536 (note: max value depends on the media)%s", telnet_newline); err = -1; } break; default: knet_vty_write(vty, "CLI ERROR: unknown parameter type%s", telnet_newline); err = -1; break; } return err; } static void describe_param(struct knet_vty *vty, const int paramtype) { switch(paramtype) { case CMDS_PARAM_NOMORE: knet_vty_write(vty, "no more parameters%s", telnet_newline); break; case CMDS_PARAM_KNET: knet_vty_write(vty, "KNET_IFACE_NAME - interface name (max %d chars) eg: kronosnet0%s", IFNAMSIZ, telnet_newline); break; case CMDS_PARAM_IP: knet_vty_write(vty, "IP address - ipv4 or ipv6 address to add/remove%s", telnet_newline); break; case CMDS_PARAM_IP_PREFIX: knet_vty_write(vty, "IP prefix len (eg. 24, 64)%s", telnet_newline); break; case CMDS_PARAM_IP_PORT: knet_vty_write(vty, "base port (eg: %d) %s", KNET_RING_DEFPORT, telnet_newline); case CMDS_PARAM_BOOL: break; case CMDS_PARAM_INT: break; case CMDS_PARAM_NODEID: knet_vty_write(vty, "NODEID - unique identifier for this interface in this kronos network (value between 0 and 255)%s", telnet_newline); break; case CMDS_PARAM_NAME: knet_vty_write(vty, "NAME - unique name identifier for this entity (max %d chars)%s", KNET_MAX_HOST_LEN - 1, telnet_newline); break; case CMDS_PARAM_MTU: knet_vty_write(vty, "MTU - a value between 576 and 65536 (note: max value depends on the media)%s", telnet_newline); break; default: /* this should never happen */ knet_vty_write(vty, "CLI ERROR: unknown parameter type%s", telnet_newline); break; } } static void print_help(struct knet_vty *vty, const vty_node_cmds_t *cmds, int idx) { if ((idx < 0) || (cmds == NULL) || (cmds[idx].cmd == NULL)) return; if (cmds[idx].help != NULL) { knet_vty_write(vty, "%s\t%s%s", cmds[idx].cmd, cmds[idx].help, telnet_newline); } else { knet_vty_write(vty, "%s\tNo help available for this command%s", cmds[idx].cmd, telnet_newline); } } static int get_param(struct knet_vty *vty, int wanted_paranum, char **param, int *paramlen, int *paramoffset) { int eparams, tparams; const vty_param_t *params = (const vty_param_t *)vty->param; int paramstart = vty->paramoffset; eparams = expected_params(params); tparams = count_words(vty, paramstart); if (tparams > eparams) return -1; if (wanted_paranum == -1) { get_n_word_from_end(vty, 1, param, paramlen, paramoffset); return tparams; } if (tparams < wanted_paranum) return -1; get_n_word_from_end(vty, (tparams - wanted_paranum) + 1, param, paramlen, paramoffset); return tparams - wanted_paranum; } static int match_command(struct knet_vty *vty, const vty_node_cmds_t *cmds, char *cmd, int cmdlen, int cmdoffset, int mode) { int idx = 0, found = -1, paramoffset = 0, paramlen = 0, last_param = 0; char *param = NULL; int paramstart = cmdlen + cmdoffset; int matches[KNET_VTY_MAX_MATCHES]; memset(&matches, -1, sizeof(matches)); while ((cmds[idx].cmd != NULL) && (idx < KNET_VTY_MAX_MATCHES)) { if (!strncmp(cmds[idx].cmd, cmd, cmdlen)) { found++; matches[found] = idx; } idx++; } if (idx >= KNET_VTY_MAX_MATCHES) { knet_vty_write(vty, "Too many matches for this command%s", telnet_newline); return -1; } if (found < 0) { knet_vty_write(vty, "There is no such command%s", telnet_newline); return -1; } switch(mode) { case KNET_VTY_MATCH_HELP: if (found == 0) { if ((cmdoffset <= vty->cursor_pos) && (vty->cursor_pos <= paramstart)) { print_help(vty, cmds, matches[0]); break; } if (cmds[matches[0]].params != NULL) { vty->param = (void *)cmds[matches[0]].params; vty->paramoffset = paramstart; last_param = get_param(vty, -1, ¶m, ¶mlen, ¶moffset); if ((paramoffset <= vty->cursor_pos) && (vty->cursor_pos <= (paramoffset + paramlen))) last_param--; if (last_param >= CMDS_PARAM_NOMORE) { describe_param(vty, cmds[matches[0]].params[last_param].param); if (paramoffset > 0) check_param(vty, cmds[matches[0]].params[last_param].param, param, paramlen); } break; } } if (found >= 0) { idx = 0; while (matches[idx] >= 0) { print_help(vty, cmds, matches[idx]); idx++; } } break; case KNET_VTY_MATCH_EXEC: if (found == 0) { int exec = 0; if (cmds[matches[0]].params != NULL) { int eparams, tparams; eparams = expected_params(cmds[matches[0]].params); tparams = count_words(vty, paramstart); if (eparams != tparams) { exec = -1; idx = 0; knet_vty_write(vty, "Parameter required for this command:%s", telnet_newline); while(cmds[matches[0]].params[idx].param != CMDS_PARAM_NOMORE) { describe_param(vty, cmds[matches[0]].params[idx].param); idx++; } break; } idx = 0; vty->param = (void *)cmds[matches[0]].params; vty->paramoffset = paramstart; while(cmds[matches[0]].params[idx].param != CMDS_PARAM_NOMORE) { get_param(vty, idx + 1, ¶m, ¶mlen, ¶moffset); if (check_param(vty, cmds[matches[0]].params[idx].param, param, paramlen) < 0) { exec = -1; if (vty->filemode) return -1; } idx++; } } if (!exec) { if (cmds[matches[0]].params != NULL) { vty->param = (void *)cmds[matches[0]].params; vty->paramoffset = paramstart; } if (cmds[matches[0]].func != NULL) { return cmds[matches[0]].func(vty); } else { /* this will eventually disappear */ knet_vty_write(vty, "no fn associated to this command%s", telnet_newline); } } } if (found > 0) { knet_vty_write(vty, "Ambiguous command.%s", telnet_newline); } break; case KNET_VTY_MATCH_EXPAND: if (found == 0) { int cmdreallen; if (vty->cursor_pos > cmdoffset+cmdlen) /* complete param? */ break; cmdreallen = strlen(cmds[matches[0]].cmd); memset(vty->line + cmdoffset, 0, cmdlen); memcpy(vty->line + cmdoffset, cmds[matches[0]].cmd, cmdreallen); vty->line[cmdreallen + cmdoffset] = ' '; vty->line_idx = cmdreallen + cmdoffset + 1; vty->cursor_pos = cmdreallen + cmdoffset + 1; } if (found > 0) { /* add completion to string base root */ int count = 0; idx = 0; while (matches[idx] >= 0) { knet_vty_write(vty, "%s\t\t", cmds[matches[idx]].cmd); idx++; count++; if (count == 4) { knet_vty_write(vty, "%s",telnet_newline); count = 0; } } knet_vty_write(vty, "%s",telnet_newline); } break; default: /* this should never really happen */ log_info("Unknown match mode"); break; } return found; } /* forward declarations */ /* common to almost all nodes */ static int knet_cmd_logout(struct knet_vty *vty); static int knet_cmd_who(struct knet_vty *vty); static int knet_cmd_exit_node(struct knet_vty *vty); static int knet_cmd_help(struct knet_vty *vty); /* root node */ static int knet_cmd_config(struct knet_vty *vty); /* config node */ static int knet_cmd_interface(struct knet_vty *vty); static int knet_cmd_no_interface(struct knet_vty *vty); static int knet_cmd_show_conf(struct knet_vty *vty); static int knet_cmd_write_conf(struct knet_vty *vty); /* interface node */ static int knet_cmd_mtu(struct knet_vty *vty); static int knet_cmd_no_mtu(struct knet_vty *vty); static int knet_cmd_ip(struct knet_vty *vty); static int knet_cmd_no_ip(struct knet_vty *vty); static int knet_cmd_baseport(struct knet_vty *vty); static int knet_cmd_peer(struct knet_vty *vty); static int knet_cmd_no_peer(struct knet_vty *vty); static int knet_cmd_start(struct knet_vty *vty); static int knet_cmd_stop(struct knet_vty *vty); /* peer node */ static int knet_cmd_link(struct knet_vty *vty); static int knet_cmd_no_link(struct knet_vty *vty); /* root node description */ vty_node_cmds_t root_cmds[] = { { "configure", "enter configuration mode", NULL, knet_cmd_config }, { "exit", "exit from CLI", NULL, knet_cmd_logout }, { "help", "display basic help", NULL, knet_cmd_help }, { "logout", "exit from CLI", NULL, knet_cmd_logout }, { "who", "display users connected to CLI", NULL, knet_cmd_who }, { NULL, NULL, NULL, NULL }, }; /* config node description */ vty_param_t no_int_params[] = { { CMDS_PARAM_KNET }, { CMDS_PARAM_NOMORE }, }; vty_node_cmds_t no_config_cmds[] = { { "interface", "destroy kronosnet interface", no_int_params, knet_cmd_no_interface }, { NULL, NULL, NULL, NULL }, }; vty_param_t int_params[] = { { CMDS_PARAM_KNET }, { CMDS_PARAM_NODEID }, { CMDS_PARAM_NOMORE }, }; vty_node_cmds_t config_cmds[] = { { "exit", "exit configuration mode", NULL, knet_cmd_exit_node }, { "interface", "configure kronosnet interface", int_params, knet_cmd_interface }, { "show", "show running config", NULL, knet_cmd_show_conf }, { "help", "display basic help", NULL, knet_cmd_help }, { "logout", "exit from CLI", NULL, knet_cmd_logout }, { "no", "revert command", NULL, NULL }, { "who", "display users connected to CLI", NULL, knet_cmd_who }, { "write", "write current config to file", NULL, knet_cmd_write_conf }, { NULL, NULL, NULL, NULL }, }; /* interface node description */ vty_param_t ip_params[] = { { CMDS_PARAM_IP }, { CMDS_PARAM_IP_PREFIX }, { CMDS_PARAM_NOMORE }, }; vty_param_t peer_params[] = { { CMDS_PARAM_NAME }, { CMDS_PARAM_NODEID }, { CMDS_PARAM_NOMORE }, }; vty_node_cmds_t no_interface_cmds[] = { { "ip", "remove ip address", ip_params, knet_cmd_no_ip }, { "mtu", "revert to default MTU", NULL, knet_cmd_no_mtu }, { "peer", "remove peer from this interface", peer_params, knet_cmd_no_peer }, { NULL, NULL, NULL, NULL }, }; vty_param_t mtu_params[] = { { CMDS_PARAM_MTU }, { CMDS_PARAM_NOMORE }, }; vty_param_t baseport_params[] = { { CMDS_PARAM_IP_PORT }, { CMDS_PARAM_NOMORE }, }; vty_node_cmds_t interface_cmds[] = { { "baseport", "set base listening port for this interface", baseport_params, knet_cmd_baseport }, { "exit", "exit configuration mode", NULL, knet_cmd_exit_node }, { "help", "display basic help", NULL, knet_cmd_help }, { "ip", "add ip address", ip_params, knet_cmd_ip }, { "logout", "exit from CLI", NULL, knet_cmd_logout }, { "mtu", "set mtu", mtu_params, knet_cmd_mtu }, { "no", "revert command", NULL, NULL }, { "peer", "add peer endpoint", peer_params, knet_cmd_peer }, { "show", "show running config", NULL, knet_cmd_show_conf }, { "start", "start forwarding engine", NULL, knet_cmd_start }, { "stop", "stop forwarding engine", NULL, knet_cmd_stop }, { "who", "display users connected to CLI", NULL, knet_cmd_who }, { "write", "write current config to file", NULL, knet_cmd_write_conf }, { NULL, NULL, NULL, NULL }, }; /* peer node description */ vty_param_t link_params[] = { { CMDS_PARAM_IP }, { CMDS_PARAM_NOMORE }, }; vty_node_cmds_t no_peer_cmds[] = { { "link", "remove peer endpoint", link_params, knet_cmd_no_link}, { NULL, NULL, NULL, NULL }, }; vty_node_cmds_t peer_cmds[] = { { "exit", "exit configuration mode", NULL, knet_cmd_exit_node }, { "help", "display basic help", NULL, knet_cmd_help }, { "link", "add peer endpoint", link_params, knet_cmd_link }, { "logout", "exit from CLI", NULL, knet_cmd_logout }, { "no", "revert command", NULL, NULL }, { "show", "show running config", NULL, knet_cmd_show_conf }, { "who", "display users connected to CLI", NULL, knet_cmd_who }, { "write", "write current config to file", NULL, knet_cmd_write_conf }, { NULL, NULL, NULL, NULL }, }; /* link node description */ vty_node_cmds_t link_cmds[] = { { "exit", "exit configuration mode", NULL, knet_cmd_exit_node }, { "help", "display basic help", NULL, knet_cmd_help }, { "logout", "exit from CLI", NULL, knet_cmd_logout }, { "no", "revert command", NULL, NULL }, { "show", "show running config", NULL, knet_cmd_show_conf }, { "who", "display users connected to CLI", NULL, knet_cmd_who }, { "write", "write current config to file", NULL, knet_cmd_write_conf }, { NULL, NULL, NULL, NULL }, }; /* nodes */ vty_nodes_t knet_vty_nodes[] = { { NODE_ROOT, "knet", root_cmds, NULL }, { NODE_CONFIG, "config", config_cmds, no_config_cmds }, { NODE_INTERFACE, "iface", interface_cmds, no_interface_cmds }, { NODE_PEER, "peer", peer_cmds, no_peer_cmds }, { NODE_LINK, "link", link_cmds, NULL }, { -1, NULL, NULL }, }; /* command execution */ /* links */ static int knet_cmd_no_link(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; struct knet_host *host = (struct knet_host *)vty->host; int j, paramlen = 0, paramoffset = 0, found = 0; char *param = NULL; char ipaddr[KNET_MAX_HOST_LEN], port[6]; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(ipaddr, KNET_MAX_HOST_LEN, param, paramlen); memset(port, 0, sizeof(port)); snprintf(port, 6, "%d", knet_iface->cfg_ring.base_port + knet_iface->cfg_eth.node_id); for (j = 0; j < KNET_MAX_LINK; j++) { if (!strcmp(host->link[j].ipaddr, ipaddr) && !strcmp(host->link[j].port, port)) { found = 1; break; } } if (!found) { knet_vty_write(vty, "Error: unable to find link%s", telnet_newline); return -1; } host->link[j].ready = 0; return 0; } static int knet_cmd_link(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; struct knet_host *host = (struct knet_host *)vty->host; struct knet_link *klink = NULL; int j, paramlen = 0, paramoffset = 0, err = 0, found = 0; char *param = NULL; char ipaddr[KNET_MAX_HOST_LEN], port[6]; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(ipaddr, KNET_MAX_HOST_LEN, param, paramlen); memset(port, 0, sizeof(port)); snprintf(port, 6, "%d", knet_iface->cfg_ring.base_port + knet_iface->cfg_eth.node_id); for (j = 0; j < KNET_MAX_LINK; j++) { if ((klink == NULL) && (host->link[j].ready == 0)) { klink = &host->link[j]; } if (!strcmp(host->link[j].ipaddr, ipaddr) && !strcmp(host->link[j].port, port)) { found = 1; break; } } if (!found) { if (!klink) { knet_vty_write(vty, "Error: all links are in use!%s", telnet_newline); return -1; } memset(klink, 0, sizeof(struct knet_link)); memcpy(klink->ipaddr, ipaddr, strlen(ipaddr)); memcpy(klink->port, port, strlen(port)); if (strtoaddr(klink->ipaddr, klink->port, (struct sockaddr *)&klink->address, sizeof(klink->address)) != 0) { knet_vty_write(vty, "Error: unable to convert ip addr to sockaddr!%s", telnet_newline); err = -1; goto out_clean; } klink->sock = host->listener->sock; knet_link_timeout(klink, 1000, 5000, 2048); klink->ready = 1; } vty->link = (void *)klink; vty->node = NODE_LINK; out_clean: if (err < 0) { if (klink) free(klink); } return err; } static int knet_find_host(struct knet_vty *vty, struct knet_host **host, const char *nodename, const int requested_node_id) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; struct knet_host *head = NULL; int err = 0; *host = NULL; if (knet_host_acquire(knet_iface->cfg_ring.knet_h, &head)) { knet_vty_write(vty, "Error: unable to acquire lock on peer list!%s", telnet_newline); return -1; } while (head != NULL) { if (!strcmp(head->name, nodename)) { if (head->node_id == requested_node_id) { *host = head; err = 1; goto out_clean; } else { knet_vty_write(vty, "Error: requested peer exists with another nodeid%s", telnet_newline); err = -1; goto out_clean; } } else { if (head->node_id == requested_node_id) { knet_vty_write(vty, "Error: requested peer nodeid already exists%s", telnet_newline); err = -1; goto out_clean; } } head = head->next; } out_clean: while (knet_host_release(knet_iface->cfg_ring.knet_h, &head) != 0) { knet_vty_write(vty, "Error: unable to release lock on peer list!%s", telnet_newline); sleep(1); } return err; } static int knet_cmd_no_peer(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; int paramlen = 0, paramoffset = 0, requested_node_id = 0, err = 0; char *param = NULL; struct knet_host *host = NULL; char nodename[KNET_MAX_HOST_LEN]; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(nodename, sizeof(nodename), param, paramlen); get_param(vty, 2, ¶m, ¶mlen, ¶moffset); requested_node_id = param_to_int(param, paramlen); if (requested_node_id == knet_iface->cfg_eth.node_id) { knet_vty_write(vty, "Error: remote peer id cannot be the same as local id%s", telnet_newline); return -1; } err = knet_find_host(vty, &host, nodename, requested_node_id); if (err < 0) goto out_clean; if (err == 0) { knet_vty_write(vty, "Error: peer not found in list%s", telnet_newline); goto out_clean; } if (host->listener) { if (knet_listener_remove(knet_iface->cfg_ring.knet_h, host->listener) == -EBUSY) { knet_vty_write(vty, "Error: unable to remove listener from current peer%s", telnet_newline); err = -1; goto out_clean; } } if (knet_host_remove(knet_iface->cfg_ring.knet_h, requested_node_id) < 0) { knet_vty_write(vty, "Error: unable to remove peer from current config%s", telnet_newline); err = -1; goto out_clean; } out_clean: return err; } static int knet_cmd_peer(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; int paramlen = 0, paramoffset = 0, requested_node_id = 0, err = 0; char *param = NULL; struct knet_host *host, *temp = NULL; struct knet_listener *listener = NULL; char nodename[KNET_MAX_HOST_LEN]; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(nodename, sizeof(nodename), param, paramlen); get_param(vty, 2, ¶m, ¶mlen, ¶moffset); requested_node_id = param_to_int(param, paramlen); if (requested_node_id == knet_iface->cfg_eth.node_id) { knet_vty_write(vty, "Error: remote peer id cannot be the same as local id%s", telnet_newline); return -1; } err = knet_find_host(vty, &host, nodename, requested_node_id); if (err < 0) goto out_clean; if (err == 0) { if (knet_host_add(knet_iface->cfg_ring.knet_h, requested_node_id) < 0) { knet_vty_write(vty, "Error: unable to allocate memory for host struct!%s", telnet_newline); err = -1; goto out_clean; } knet_host_get(knet_iface->cfg_ring.knet_h, requested_node_id, &temp); host = temp; knet_host_release(knet_iface->cfg_ring.knet_h, &temp); memcpy(host->name, nodename, strlen(nodename)); listener = malloc(sizeof(struct knet_listener)); if (!listener) { knet_vty_write(vty, "Error: unable to allocate memory for listener struct!%s", telnet_newline); err = -1; goto out_clean; } memset(listener, 0, sizeof(struct knet_listener)); snprintf(listener->ipaddr, KNET_MAX_HOST_LEN, "::"); snprintf(listener->port, 6, "%d", knet_iface->cfg_ring.base_port + requested_node_id); if (strtoaddr(listener->ipaddr, listener->port, (struct sockaddr *)&listener->address, sizeof(listener->address)) != 0) { knet_vty_write(vty, "Error: unable to convert ip addr to sockaddr!%s", telnet_newline); err = -1; goto out_clean; } if (knet_listener_add(knet_iface->cfg_ring.knet_h, listener) != 0) { knet_vty_write(vty, "Error: unable to start listener!%s", telnet_newline); err = -1; goto out_clean; } host->listener = listener; } vty->host = (void *)host; vty->node = NODE_PEER; out_clean: if (err < 0) { if (listener) free(listener); if (host) knet_host_remove(knet_iface->cfg_ring.knet_h, host->node_id); } return err; } static int active_listeners(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; struct knet_host *head = NULL; int listeners = 0; if (knet_host_acquire(knet_iface->cfg_ring.knet_h, &head)) { knet_vty_write(vty, "Error: unable to acquire lock on peer list!%s", telnet_newline); return -1; } while (head != NULL) { if (head->listener) listeners++; head = head->next; } while (knet_host_release(knet_iface->cfg_ring.knet_h, &head) != 0) { knet_vty_write(vty, "Error: unable to release lock on peer list!%s", telnet_newline); sleep(1); } return listeners; } static int knet_cmd_baseport(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; int paramlen = 0, paramoffset = 0, err = 0; char *param = NULL; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); /* need to check if baseport is in use by other interfaces */ err = active_listeners(vty); if (!err) { knet_iface->cfg_ring.base_port = param_to_int(param, paramlen); } if (err > 0) { knet_vty_write(vty, "Error: cannot switch baseport when listeners are active%s", telnet_newline); err = -1; } return err; } static int knet_cmd_no_ip(struct knet_vty *vty) { int paramlen = 0, paramoffset = 0; char *param = NULL; char ipaddr[KNET_MAX_HOST_LEN], prefix[4]; struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; char *error_string = NULL; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(ipaddr, sizeof(ipaddr), param, paramlen); get_param(vty, 2, ¶m, ¶mlen, ¶moffset); param_to_str(prefix, sizeof(prefix), param, paramlen); if (tap_del_ip(knet_iface->cfg_eth.tap, ipaddr, prefix, &error_string) < 0) { knet_vty_write(vty, "Error: Unable to del ip addr %s/%s on device %s%s", ipaddr, prefix, tap_get_name(knet_iface->cfg_eth.tap), telnet_newline); if (error_string) { knet_vty_write(vty, "(%s)%s", error_string, telnet_newline); free(error_string); } return -1; } return 0; } static int knet_cmd_ip(struct knet_vty *vty) { int paramlen = 0, paramoffset = 0; char *param = NULL; char ipaddr[512], prefix[4]; struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; char *error_string = NULL; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(ipaddr, sizeof(ipaddr), param, paramlen); get_param(vty, 2, ¶m, ¶mlen, ¶moffset); param_to_str(prefix, sizeof(prefix), param, paramlen); if (tap_add_ip(knet_iface->cfg_eth.tap, ipaddr, prefix, &error_string) < 0) { knet_vty_write(vty, "Error: Unable to set ip addr %s/%s on device %s%s", ipaddr, prefix, tap_get_name(knet_iface->cfg_eth.tap), telnet_newline); if (error_string) { knet_vty_write(vty, "(%s)%s", error_string, telnet_newline); free(error_string); } return -1; } return 0; } static int knet_cmd_no_mtu(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; if (tap_reset_mtu(knet_iface->cfg_eth.tap) < 0) { knet_vty_write(vty, "Error: Unable to set default mtu on device %s%s", tap_get_name(knet_iface->cfg_eth.tap), telnet_newline); return -1; } return 0; } static int knet_cmd_mtu(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; int paramlen = 0, paramoffset = 0, expected_mtu = 0; char *param = NULL; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); expected_mtu = param_to_int(param, paramlen); if (tap_set_mtu(knet_iface->cfg_eth.tap, expected_mtu) < 0) { knet_vty_write(vty, "Error: Unable to set requested mtu %d on device %s%s", expected_mtu, tap_get_name(knet_iface->cfg_eth.tap), telnet_newline); return -1; } return 0; } static int knet_cmd_stop(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; char *error_down = NULL, *error_postdown = NULL; int err = 0; err = tap_set_down(knet_iface->cfg_eth.tap, &error_down, &error_postdown); if (err < 0) { knet_vty_write(vty, "Error: Unable to set interface %s down!%s", tap_get_name(knet_iface->cfg_eth.tap), telnet_newline); } else { knet_handle_setfwd(knet_iface->cfg_ring.knet_h, 0); knet_iface->active = 0; } if (error_down) { knet_vty_write(vty, "down script output:%s(%s)%s", telnet_newline, error_down, telnet_newline); free(error_down); } if (error_postdown) { knet_vty_write(vty, "post-down script output:%s(%s)%s", telnet_newline, error_postdown, telnet_newline); free(error_postdown); } return err; } static int knet_cmd_start(struct knet_vty *vty) { struct knet_cfg *knet_iface = (struct knet_cfg *)vty->iface; char *error_preup = NULL, *error_up = NULL; int err = 0; err = tap_set_up(knet_iface->cfg_eth.tap, &error_preup, &error_up); if (err < 0) { knet_vty_write(vty, "Error: Unable to set interface %s up!%s", tap_get_name(knet_iface->cfg_eth.tap), telnet_newline); knet_handle_setfwd(knet_iface->cfg_ring.knet_h, 0); } else { knet_handle_setfwd(knet_iface->cfg_ring.knet_h, 1); knet_iface->active = 1; } if (error_preup) { knet_vty_write(vty, "pre-up script output:%s(%s)%s", telnet_newline, error_preup, telnet_newline); free(error_preup); } if (error_up) { knet_vty_write(vty, "up script output:%s(%s)%s", telnet_newline, error_up, telnet_newline); free(error_up); } return err; } static int knet_cmd_no_interface(struct knet_vty *vty) { int err = 0, paramlen = 0, paramoffset = 0; char *param = NULL; char device[IFNAMSIZ]; struct knet_cfg *knet_iface = NULL; struct knet_host *host; char *ip_list = NULL; int ip_list_entries = 0, i, offset = 0; char *error_string = NULL; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(device, IFNAMSIZ, param, paramlen); knet_iface = knet_get_iface(device, 0); if (!knet_iface) { knet_vty_write(vty, "Error: Unable to find requested interface%s", telnet_newline); return -1; } vty->iface = (void *)knet_iface; tap_get_ips(knet_iface->cfg_eth.tap, &ip_list, &ip_list_entries); if ((ip_list) && (ip_list_entries > 0)) { for (i = 1; i <= ip_list_entries; i++) { tap_del_ip(knet_iface->cfg_eth.tap, ip_list + offset, ip_list + offset + strlen(ip_list + offset) + 1, &error_string); if (error_string) { free(error_string); error_string = NULL; } offset = offset + strlen(ip_list) + 1; offset = offset + strlen(ip_list + offset) + 1; } free(ip_list); ip_list = NULL; ip_list_entries = 0; } while (1) { struct knet_host *head; while (knet_host_acquire(knet_iface->cfg_ring.knet_h, &head) != 0) { log_error("CLI ERROR: unable to acquire peer lock.. will retry in 1 sec"); sleep (1); } if (head == NULL) break; host = head; while (knet_host_release(knet_iface->cfg_ring.knet_h, &head) != 0) { log_error("CLI ERROR: unable to release peer lock.. will retry in 1 sec"); sleep (1); } for (i = 0; i < KNET_MAX_LINK; i++) host->link[i].ready = 0; knet_listener_remove(knet_iface->cfg_ring.knet_h, host->listener); while (knet_host_remove(knet_iface->cfg_ring.knet_h, host->node_id) != 0) { log_error("CLI ERROR: unable to release peer.. will retry in 1 sec"); sleep (1); } } knet_cmd_stop(vty); if (knet_iface->cfg_ring.knet_h) knet_handle_free(knet_iface->cfg_ring.knet_h); if (knet_iface->cfg_eth.tap) tap_close(knet_iface->cfg_eth.tap); if (knet_iface) knet_destroy_iface(knet_iface); return err; } static int knet_cmd_interface(struct knet_vty *vty) { int err = 0, paramlen = 0, paramoffset = 0, found = 0, requested_id; char *param = NULL, *cur_mac = NULL; char device[IFNAMSIZ]; char mac[18]; int maclen; struct knet_cfg *knet_iface = NULL; struct knet_handle_cfg knet_handle_cfg; get_param(vty, 1, ¶m, ¶mlen, ¶moffset); param_to_str(device, IFNAMSIZ, param, paramlen); get_param(vty, 2, ¶m, ¶mlen, ¶moffset); requested_id = param_to_int(param, paramlen); knet_iface = knet_get_iface(device, 1); if (!knet_iface) { knet_vty_write(vty, "Error: Unable to allocate memory for config structures%s", telnet_newline); return -1; } if (knet_iface->cfg_eth.tap) { found = 1; goto tap_found; } if (!knet_iface->cfg_eth.tap) knet_iface->cfg_eth.tap = tap_open(device, IFNAMSIZ, DEFAULT_CONFIG_DIR); if ((!knet_iface->cfg_eth.tap) && (errno = EBUSY)) { knet_vty_write(vty, "Error: interface %s seems to exist in the system%s", device, telnet_newline); err = -1; goto out_clean; } if (!knet_iface->cfg_eth.tap) { knet_vty_write(vty, "Error: Unable to create %s system tap device%s", device, telnet_newline); err = -1; goto out_clean; } tap_found: if (knet_iface->cfg_ring.knet_h) goto knet_found; memset(&knet_handle_cfg, 0, sizeof(struct knet_handle_cfg)); knet_handle_cfg.fd = tap_get_fd(knet_iface->cfg_eth.tap); knet_handle_cfg.node_id = requested_id; + knet_handle_cfg.crypto_cipher_type = (char *)"none"; + knet_handle_cfg.crypto_hash_type = (char *)"none"; knet_iface->cfg_ring.knet_h = knet_handle_new(&knet_handle_cfg); if (!knet_iface->cfg_ring.knet_h) { knet_vty_write(vty, "Error: Unable to create ring handle for device %s%s", device, telnet_newline); err = -1; goto out_clean; } knet_found: if (found) { if (requested_id == knet_iface->cfg_eth.node_id) goto out_found; knet_vty_write(vty, "Error: no interface %s with nodeid %d found%s", device, requested_id, telnet_newline); goto out_clean; } else { knet_iface->cfg_eth.node_id = requested_id; } if (tap_get_mac(knet_iface->cfg_eth.tap, &cur_mac) < 0) { knet_vty_write(vty, "Error: Unable to get mac address on device %s%s", device, telnet_newline); err = -1; goto out_clean; } memset(&mac, 0, sizeof(mac)); maclen = strrchr(cur_mac, ':') - cur_mac + 1; memcpy(mac, cur_mac, maclen); snprintf(mac + maclen, sizeof(mac) - maclen, "%x", knet_iface->cfg_eth.node_id); free(cur_mac); if (tap_set_mac(knet_iface->cfg_eth.tap, mac) < 0) { knet_vty_write(vty, "Error: Unable to set mac address %s on device %s%s", mac, device, telnet_newline); err = -1; goto out_clean; } out_found: vty->node = NODE_INTERFACE; vty->iface = (void *)knet_iface; out_clean: if (err) { if (knet_iface->cfg_ring.knet_h) knet_handle_free(knet_iface->cfg_ring.knet_h); if (knet_iface->cfg_eth.tap) tap_close(knet_iface->cfg_eth.tap); knet_destroy_iface(knet_iface); } return err; } static int knet_cmd_exit_node(struct knet_vty *vty) { knet_vty_exit_node(vty); return 0; } static int knet_cmd_print_conf(struct knet_vty *vty) { int i; struct knet_cfg *knet_iface = knet_cfg_head.knet_cfg; struct knet_host *host = NULL; const char *nl = telnet_newline; char *ip_list = NULL; int ip_list_entries = 0, offset = 0; if (vty->filemode) nl = file_newline; knet_vty_write(vty, "configure%s", nl); while (knet_iface != NULL) { knet_vty_write(vty, " interface %s %d%s", tap_get_name(knet_iface->cfg_eth.tap), knet_iface->cfg_eth.node_id, nl); knet_vty_write(vty, " mtu %d%s", tap_get_mtu(knet_iface->cfg_eth.tap), nl); tap_get_ips(knet_iface->cfg_eth.tap, &ip_list, &ip_list_entries); if ((ip_list) && (ip_list_entries > 0)) { for (i = 1; i <= ip_list_entries; i++) { knet_vty_write(vty, " ip %s %s%s", ip_list + offset, ip_list + offset + strlen(ip_list + offset) + 1, nl); offset = offset + strlen(ip_list) + 1; offset = offset + strlen(ip_list + offset) + 1; } free(ip_list); ip_list = NULL; ip_list_entries = 0; } knet_vty_write(vty, " baseport %d%s", knet_iface->cfg_ring.base_port, nl); while (knet_host_acquire(knet_iface->cfg_ring.knet_h, &host)) { log_error("CLI ERROR: waiting for peer lock"); sleep(1); } while (host != NULL) { knet_vty_write(vty, " peer %s %d%s", host->name, host->node_id, nl); for (i = 0; i < KNET_MAX_LINK; i++) { if (host->link[i].ready == 1) { knet_vty_write(vty, " link %s%s", host->link[i].ipaddr, nl); /* print link properties */ knet_vty_write(vty, " exit%s", nl); } } knet_vty_write(vty, " exit%s", nl); host = host->next; } while (knet_host_release(knet_iface->cfg_ring.knet_h, &host) != 0) { log_error("CLI ERROR: unable to release peer lock.. will retry in 1 sec"); sleep(1); } if (knet_iface->active) knet_vty_write(vty, " start%s", nl); knet_vty_write(vty, " exit%s", nl); knet_iface = knet_iface->next; } knet_vty_write(vty, " exit%sexit%s", nl, nl); return 0; } static int knet_cmd_show_conf(struct knet_vty *vty) { return knet_cmd_print_conf(vty); } static int knet_cmd_write_conf(struct knet_vty *vty) { int fd = 1, vty_sock, err = 0, backup = 1; char tempfile[PATH_MAX]; memset(tempfile, 0, sizeof(tempfile)); snprintf(tempfile, sizeof(tempfile), "%s.sav", knet_cfg_head.conffile); err = rename(knet_cfg_head.conffile, tempfile); if ((err < 0) && (errno != ENOENT)) { knet_vty_write(vty, "Unable to create backup config file %s %s", tempfile, telnet_newline); return -1; } if ((err < 0) && (errno == ENOENT)) backup = 0; fd = open(knet_cfg_head.conffile, O_RDWR | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR); if (fd < 0) { knet_vty_write(vty, "Error unable to open file%s", telnet_newline); return -1; } vty_sock = vty->vty_sock; vty->vty_sock = fd; vty->filemode = 1; knet_cmd_print_conf(vty); vty->vty_sock = vty_sock; vty->filemode = 0; close(fd); knet_vty_write(vty, "Configuration saved to %s%s", knet_cfg_head.conffile, telnet_newline); if (backup) knet_vty_write(vty, "Old configuration file has been stored in %s%s", tempfile, telnet_newline); return err; } static int knet_cmd_config(struct knet_vty *vty) { int err = 0; if (!vty->user_can_enable) { knet_vty_write(vty, "Error: user %s does not have enough privileges to perform config operations%s", vty->username, telnet_newline); return -1; } pthread_mutex_lock(&knet_vty_mutex); if (knet_vty_config >= 0) { knet_vty_write(vty, "Error: configuration is currently locked by user %s on vty(%d). Try again later%s", vty->username, knet_vty_config, telnet_newline); err = -1; goto out_clean; } vty->node = NODE_CONFIG; knet_vty_config = vty->conn_num; out_clean: pthread_mutex_unlock(&knet_vty_mutex); return err; } static int knet_cmd_logout(struct knet_vty *vty) { vty->got_epipe = 1; return 0; } static int knet_cmd_who(struct knet_vty *vty) { int conn_index; pthread_mutex_lock(&knet_vty_mutex); for(conn_index = 0; conn_index < KNET_VTY_TOTAL_MAX_CONN; conn_index++) { if (knet_vtys[conn_index].active) { knet_vty_write(vty, "User %s connected on vty(%d) from %s%s", knet_vtys[conn_index].username, knet_vtys[conn_index].conn_num, knet_vtys[conn_index].ip, telnet_newline); } } pthread_mutex_unlock(&knet_vty_mutex); return 0; } static int knet_cmd_help(struct knet_vty *vty) { knet_vty_write(vty, PACKAGE " VTY provides advanced help feature.%s%s" "When you need help, anytime at the command line please press '?'.%s%s" "If nothing matches, the help list will be empty and you must backup%s" " until entering a '?' shows the available options.%s", telnet_newline, telnet_newline, telnet_newline, telnet_newline, telnet_newline, telnet_newline); return 0; } /* exported API to vty_cli.c */ int knet_vty_execute_cmd(struct knet_vty *vty) { const vty_node_cmds_t *cmds = NULL; char *cmd = NULL; int cmdlen = 0; int cmdoffset = 0; if (knet_vty_is_line_empty(vty)) return 0; cmds = get_cmds(vty, &cmd, &cmdlen, &cmdoffset); /* this will eventually disappear. keep it as safeguard for now */ if (cmds == NULL) { knet_vty_write(vty, "No commands associated to this node%s", telnet_newline); return 0; } return match_command(vty, cmds, cmd, cmdlen, cmdoffset, KNET_VTY_MATCH_EXEC); } int knet_read_conf(void) { int err = 0, len = 0, line = 0; struct knet_vty *vty = &knet_vtys[0]; FILE *file = NULL; file = fopen(knet_cfg_head.conffile, "r"); if ((file == NULL) && (errno != ENOENT)) { log_error("Unable to open config file for reading %s", knet_cfg_head.conffile); return -1; } if ((file == NULL) && (errno == ENOENT)) { log_info("Configuration file %s not found, starting with default empty config", knet_cfg_head.conffile); return 0; } vty->vty_sock = 1; vty->user_can_enable = 1; vty->filemode = 1; while(fgets(vty->line, sizeof(vty->line), file) != NULL) { line++; len = strlen(vty->line) - 1; memset(&vty->line[len], 0, 1); vty->line_idx = len; err = knet_vty_execute_cmd(vty); if (err != 0) { log_error("line[%d]: %s", line, vty->line); break; } } fclose(file); memset(vty, 0, sizeof(vty)); return err; } void knet_vty_help(struct knet_vty *vty) { int idx = 0; const vty_node_cmds_t *cmds = NULL; char *cmd = NULL; int cmdlen = 0; int cmdoffset = 0; cmds = get_cmds(vty, &cmd, &cmdlen, &cmdoffset); /* this will eventually disappear. keep it as safeguard for now */ if (cmds == NULL) { knet_vty_write(vty, "No commands associated to this node%s", telnet_newline); return; } if (knet_vty_is_line_empty(vty) || cmd == NULL) { while (cmds[idx].cmd != NULL) { print_help(vty, cmds, idx); idx++; } return; } match_command(vty, cmds, cmd, cmdlen, cmdoffset, KNET_VTY_MATCH_HELP); } void knet_vty_tab_completion(struct knet_vty *vty) { const vty_node_cmds_t *cmds = NULL; char *cmd = NULL; int cmdlen = 0; int cmdoffset = 0; if (knet_vty_is_line_empty(vty)) return; knet_vty_write(vty, "%s", telnet_newline); cmds = get_cmds(vty, &cmd, &cmdlen, &cmdoffset); /* this will eventually disappear. keep it as safeguard for now */ if (cmds == NULL) { knet_vty_write(vty, "No commands associated to this node%s", telnet_newline); return; } match_command(vty, cmds, cmd, cmdlen, cmdoffset, KNET_VTY_MATCH_EXPAND); knet_vty_prompt(vty); knet_vty_write(vty, "%s", vty->line); } diff --git a/libknet/Makefile.am b/libknet/Makefile.am index 33b894a2..c44d4976 100644 --- a/libknet/Makefile.am +++ b/libknet/Makefile.am @@ -1,21 +1,24 @@ MAINTAINERCLEANFILES = Makefile.in LIBS = -lpthread \ -version-info $(libversion) libversion = 0:0:0 sources = \ common.c \ handle.c \ host.c \ - listener.c + listener.c \ + nsscrypto.c include_HEADERS = libknet.h -noinst_HEADERS = libknet-private.h +noinst_HEADERS = libknet-private.h \ + nsscrypto.h -noinst_LIBRARIES = libknet.a -#lib_LTLIBRARIES = libknet.la +lib_LTLIBRARIES = libknet.la -libknet_a_SOURCES = $(sources) -#libknet_la_SOURCES = $(sources) +libknet_la_SOURCES = $(sources) + +libknet_la_CFLAGS = $(nss_CFLAGS) +libknet_la_LIBADD = $(nss_LIBS) diff --git a/libknet/handle.c b/libknet/handle.c index 8ff9fbab..0bb60d43 100644 --- a/libknet/handle.c +++ b/libknet/handle.c @@ -1,419 +1,424 @@ #include "config.h" #include #include #include #include #include #include #include "libknet-private.h" +#include "nsscrypto.h" #define KNET_MAX_EVENTS 8 #define KNET_PING_TIMERES 200000 #define KNET_DATABUFSIZE 131072 /* 128k */ #define KNET_PINGBUFSIZE sizeof(struct knet_frame) static void *_handle_tap_to_links_thread(void *data); static void *_handle_recv_from_links_thread(void *data); static void *_handle_heartbt_thread(void *data); knet_handle_t knet_handle_new(const struct knet_handle_cfg *knet_handle_cfg) { knet_handle_t knet_h; struct epoll_event ev; /* * validate incoming config request */ if (knet_handle_cfg == NULL) { errno = EINVAL; return NULL; } if (knet_handle_cfg->fd <= 0) { errno = EINVAL; return NULL; } - /* - * cryto hooks will validate crypto config - */ - //crypto_init if ((knet_h = malloc(sizeof(struct knet_handle))) == NULL) return NULL; memset(knet_h, 0, sizeof(struct knet_handle)); - if ((knet_h->tap_to_links_buf = malloc(KNET_DATABUFSIZE))== NULL) + if (crypto_init(knet_h, knet_handle_cfg) < 0) goto exit_fail1; + if ((knet_h->tap_to_links_buf = malloc(KNET_DATABUFSIZE))== NULL) + goto exit_fail2; + memset(knet_h->tap_to_links_buf, 0, KNET_DATABUFSIZE); if ((knet_h->recv_from_links_buf = malloc(KNET_DATABUFSIZE))== NULL) - goto exit_fail2; + goto exit_fail3; memset(knet_h->recv_from_links_buf, 0, KNET_DATABUFSIZE); if ((knet_h->pingbuf = malloc(KNET_PINGBUFSIZE))== NULL) - goto exit_fail3; + goto exit_fail4; memset(knet_h->pingbuf, 0, KNET_PINGBUFSIZE); if (pthread_rwlock_init(&knet_h->list_rwlock, NULL) != 0) - goto exit_fail4; + goto exit_fail5; knet_h->sockfd = knet_handle_cfg->fd; knet_h->tap_to_links_epollfd = epoll_create(KNET_MAX_EVENTS); knet_h->recv_from_links_epollfd = epoll_create(KNET_MAX_EVENTS); knet_h->node_id = knet_handle_cfg->node_id; if ((knet_h->tap_to_links_epollfd < 0) || (knet_h->recv_from_links_epollfd < 0)) - goto exit_fail5; + goto exit_fail6; if ((_fdset_cloexec(knet_h->tap_to_links_epollfd) != 0) || (_fdset_cloexec(knet_h->recv_from_links_epollfd != 0))) - goto exit_fail5; + goto exit_fail6; memset(&ev, 0, sizeof(struct epoll_event)); ev.events = EPOLLIN; ev.data.fd = knet_h->sockfd; if (epoll_ctl(knet_h->tap_to_links_epollfd, EPOLL_CTL_ADD, knet_h->sockfd, &ev) != 0) - goto exit_fail5; + goto exit_fail6; if (pthread_create(&knet_h->tap_to_links_thread, 0, _handle_tap_to_links_thread, (void *) knet_h) != 0) - goto exit_fail5; + goto exit_fail6; if (pthread_create(&knet_h->recv_from_links_thread, 0, _handle_recv_from_links_thread, (void *) knet_h) != 0) - goto exit_fail6; + goto exit_fail7; if (pthread_create(&knet_h->heartbt_thread, 0, _handle_heartbt_thread, (void *) knet_h) != 0) - goto exit_fail7; + goto exit_fail8; return knet_h; -exit_fail7: +exit_fail8: pthread_cancel(knet_h->recv_from_links_thread); -exit_fail6: +exit_fail7: pthread_cancel(knet_h->tap_to_links_thread); -exit_fail5: +exit_fail6: if (knet_h->tap_to_links_epollfd >= 0) close(knet_h->tap_to_links_epollfd); if (knet_h->recv_from_links_epollfd >= 0) close(knet_h->recv_from_links_epollfd); pthread_rwlock_destroy(&knet_h->list_rwlock); -exit_fail4: +exit_fail5: free(knet_h->pingbuf); -exit_fail3: +exit_fail4: free(knet_h->recv_from_links_buf); -exit_fail2: +exit_fail3: free(knet_h->tap_to_links_buf); +exit_fail2: + crypto_fini(knet_h); + exit_fail1: free(knet_h); return NULL; } int knet_handle_free(knet_handle_t knet_h) { void *retval; if ((knet_h->host_head != NULL) || (knet_h->listener_head != NULL)) goto exit_busy; pthread_cancel(knet_h->heartbt_thread); pthread_join(knet_h->heartbt_thread, &retval); if (retval != PTHREAD_CANCELED) goto exit_busy; pthread_cancel(knet_h->tap_to_links_thread); pthread_join(knet_h->tap_to_links_thread, &retval); if (retval != PTHREAD_CANCELED) goto exit_busy; pthread_cancel(knet_h->recv_from_links_thread); pthread_join(knet_h->recv_from_links_thread, &retval); if (retval != PTHREAD_CANCELED) goto exit_busy; close(knet_h->tap_to_links_epollfd); close(knet_h->recv_from_links_epollfd); pthread_rwlock_destroy(&knet_h->list_rwlock); free(knet_h->tap_to_links_buf); free(knet_h->recv_from_links_buf); free(knet_h->pingbuf); + crypto_fini(knet_h); + free(knet_h); return 0; exit_busy: errno = EBUSY; return -EBUSY; } void knet_handle_setfwd(knet_handle_t knet_h, int enabled) { knet_h->enabled = (enabled == 1) ? 1 : 0; } void knet_link_timeout(struct knet_link *lnk, time_t interval, time_t timeout, int precision) { lnk->ping_interval = interval * 1000; /* microseconds */ lnk->pong_timeout = timeout * 1000; /* microseconds */ lnk->latency_fix = precision; lnk->latency_exp = precision - \ ((lnk->ping_interval * precision) / 8000000); } static void _handle_tap_to_links(knet_handle_t knet_h) { int j; ssize_t len, snt; struct knet_host *i; len = read(knet_h->sockfd, knet_h->tap_to_links_buf->kf_data, KNET_DATABUFSIZE - KNET_FRAME_SIZE); if (len == 0) { /* TODO: disconnection, should never happen! */ return; } len += KNET_FRAME_SIZE; if (knet_h->enabled != 1) /* data forward is disabled */ return; /* TODO: packet inspection */ knet_h->tap_to_links_buf->kf_type = KNET_FRAME_DATA; if (pthread_rwlock_rdlock(&knet_h->list_rwlock) != 0) return; for (i = knet_h->host_head; i != NULL; i = i->next) { for (j = 0; j < KNET_MAX_LINK; j++) { if (i->link[j].enabled != 1) /* link is disabled */ continue; snt = sendto(i->link[j].sock, knet_h->tap_to_links_buf, len, MSG_DONTWAIT, (struct sockaddr *) &i->link[j].address, sizeof(struct sockaddr_storage)); if ((i->active == 0) && (snt == len)) break; } } pthread_rwlock_unlock(&knet_h->list_rwlock); } static void _handle_recv_from_links(knet_handle_t knet_h, int sockfd) { ssize_t len; struct sockaddr_storage address; socklen_t addrlen; struct knet_host *src_host; struct knet_link *src_link; unsigned long long latency_last; if (pthread_rwlock_rdlock(&knet_h->list_rwlock) != 0) return; addrlen = sizeof(struct sockaddr_storage); len = recvfrom(sockfd, knet_h->recv_from_links_buf, KNET_DATABUFSIZE, MSG_DONTWAIT, (struct sockaddr *) &address, &addrlen); if (len < (KNET_FRAME_SIZE + 1)) goto exit_unlock; if (ntohl(knet_h->recv_from_links_buf->kf_magic) != KNET_FRAME_MAGIC) goto exit_unlock; if (knet_h->recv_from_links_buf->kf_version != KNET_FRAME_VERSION) goto exit_unlock; src_host = NULL; src_link = NULL; if ((knet_h->recv_from_links_buf->kf_type & KNET_FRAME_PMSK) != 0) { knet_h->recv_from_links_buf->kf_node = ntohs(knet_h->recv_from_links_buf->kf_node); src_host = knet_h->host_index[knet_h->recv_from_links_buf->kf_node]; if (src_host == NULL) /* host not found */ goto exit_unlock; src_link = src_host->link + (knet_h->recv_from_links_buf->kf_link % KNET_MAX_LINK); } switch (knet_h->recv_from_links_buf->kf_type) { case KNET_FRAME_DATA: if (knet_h->enabled != 1) /* data forward is disabled */ break; write(knet_h->sockfd, knet_h->recv_from_links_buf->kf_data, len - KNET_FRAME_SIZE); break; case KNET_FRAME_PING: knet_h->recv_from_links_buf->kf_type = KNET_FRAME_PONG; knet_h->recv_from_links_buf->kf_node = htons(knet_h->node_id); sendto(src_link->sock, knet_h->recv_from_links_buf, len, MSG_DONTWAIT, (struct sockaddr *) &src_link->address, sizeof(struct sockaddr_storage)); break; case KNET_FRAME_PONG: clock_gettime(CLOCK_MONOTONIC, &src_link->pong_last); timespec_diff(knet_h->recv_from_links_buf->kf_time, src_link->pong_last, &latency_last); src_link->latency = ((src_link->latency * src_link->latency_exp) + ((latency_last / 1000llu) * (src_link->latency_fix - src_link->latency_exp))) / src_link->latency_fix; if (src_link->latency < src_link->pong_timeout) src_link->enabled = 1; break; default: goto exit_unlock; } exit_unlock: pthread_rwlock_unlock(&knet_h->list_rwlock); } static void _handle_check_each(knet_handle_t knet_h, struct knet_link *dst_link) { int len; struct timespec clock_now, pong_last; unsigned long long diff_ping; /* caching last pong to avoid race conditions */ pong_last = dst_link->pong_last; if (clock_gettime(CLOCK_MONOTONIC, &clock_now) != 0) return; timespec_diff(dst_link->ping_last, clock_now, &diff_ping); if (diff_ping >= (dst_link->ping_interval * 1000llu)) { knet_h->pingbuf->kf_time = clock_now; knet_h->pingbuf->kf_link = dst_link->link_id; len = sendto(dst_link->sock, knet_h->pingbuf, KNET_PINGBUFSIZE, MSG_DONTWAIT, (struct sockaddr *) &dst_link->address, sizeof(struct sockaddr_storage)); if (len == KNET_PINGBUFSIZE) dst_link->ping_last = clock_now; } if (dst_link->enabled == 1) { timespec_diff(pong_last, clock_now, &diff_ping); if (diff_ping >= (dst_link->pong_timeout * 1000llu)) dst_link->enabled = 0; /* TODO: might need write lock */ } } static void *_handle_heartbt_thread(void *data) { int j; knet_handle_t knet_h; struct knet_host *i; knet_h = (knet_handle_t) data; /* preparing ping buffer */ knet_h->pingbuf->kf_magic = htonl(KNET_FRAME_MAGIC); knet_h->pingbuf->kf_version = KNET_FRAME_VERSION; knet_h->pingbuf->kf_type = KNET_FRAME_PING; knet_h->pingbuf->kf_node = htons(knet_h->node_id); while (1) { usleep(KNET_PING_TIMERES); if (pthread_rwlock_rdlock(&knet_h->list_rwlock) != 0) continue; for (i = knet_h->host_head; i != NULL; i = i->next) { for (j = 0; j < KNET_MAX_LINK; j++) { if (i->link[j].ready != 1) continue; _handle_check_each(knet_h, &i->link[j]); } } pthread_rwlock_unlock(&knet_h->list_rwlock); } return NULL; } static void *_handle_tap_to_links_thread(void *data) { knet_handle_t knet_h; struct epoll_event events[KNET_MAX_EVENTS]; knet_h = (knet_handle_t) data; /* preparing data buffer */ knet_h->tap_to_links_buf->kf_magic = htonl(KNET_FRAME_MAGIC); knet_h->tap_to_links_buf->kf_version = KNET_FRAME_VERSION; while (1) { if (epoll_wait(knet_h->tap_to_links_epollfd, events, KNET_MAX_EVENTS, -1) >= 1) _handle_tap_to_links(knet_h); } return NULL; } static void *_handle_recv_from_links_thread(void *data) { int i, nev; knet_handle_t knet_h; struct epoll_event events[KNET_MAX_EVENTS]; knet_h = (knet_handle_t) data; /* preparing data buffer */ knet_h->recv_from_links_buf->kf_magic = htonl(KNET_FRAME_MAGIC); knet_h->recv_from_links_buf->kf_version = KNET_FRAME_VERSION; while (1) { nev = epoll_wait(knet_h->recv_from_links_epollfd, events, KNET_MAX_EVENTS, -1); for (i = 0; i < nev; i++) { _handle_recv_from_links(knet_h, events[i].data.fd); } } return NULL; } diff --git a/libknet/libknet-private.h b/libknet/libknet-private.h index a02accbd..74971960 100644 --- a/libknet/libknet-private.h +++ b/libknet/libknet-private.h @@ -1,39 +1,41 @@ #ifndef __KNETHANDLE_H__ #define __KNETHANDLE_H__ /* NOTE: you shouldn't need to include this header normally, it is provided for * testing purpose only. */ #include "libknet.h" #define timespec_diff(start, end, diff) \ do { \ if (end.tv_sec > start.tv_sec) \ *(diff) = ((end.tv_sec - start.tv_sec) * 1000000000llu) \ + end.tv_nsec - start.tv_nsec; \ else \ *(diff) = end.tv_nsec - start.tv_nsec; \ } while (0); struct knet_handle { int sockfd; int tap_to_links_epollfd; int recv_from_links_epollfd; uint16_t node_id; unsigned int enabled:1; struct knet_host *host_head; struct knet_host *host_index[KNET_MAX_HOST]; struct knet_listener *listener_head; struct knet_frame *tap_to_links_buf; + char *tap_to_links_buf_crypt; struct knet_frame *recv_from_links_buf; struct knet_frame *pingbuf; pthread_t tap_to_links_thread; pthread_t recv_from_links_thread; pthread_t heartbt_thread; pthread_rwlock_t list_rwlock; + struct crypto_instance *crypto_instance; }; int _fdset_cloexec(int fd); #endif diff --git a/libknet/libknet.h b/libknet/libknet.h index f24c722b..98ae5770 100644 --- a/libknet/libknet.h +++ b/libknet/libknet.h @@ -1,121 +1,121 @@ #ifndef __RING_H__ #define __RING_H__ #include #include typedef struct knet_handle *knet_handle_t; #define KNET_RING_DEFPORT 50000 #define KNET_RING_RCVBUFF 8388608 #define KNET_MAX_HOST 65536 #define KNET_MAX_LINK 8 #define KNET_MAX_HOST_LEN 64 struct knet_link { uint8_t link_id; int sock; char ipaddr[KNET_MAX_HOST_LEN]; char port[6]; struct sockaddr_storage address; unsigned int ready:1; /* link is configured and ready to be used */ unsigned int enabled:1; /* link is enabled for data */ unsigned long long latency; /* average latency computed by fix/exp */ unsigned int latency_exp; unsigned int latency_fix; unsigned long long ping_interval; unsigned long long pong_timeout; struct timespec ping_last; struct timespec pong_last; }; struct knet_host { uint16_t node_id; char name[KNET_MAX_HOST_LEN]; unsigned int active:1; /* data packets are sent to all links */ struct knet_listener *listener; struct knet_link link[KNET_MAX_LINK]; struct knet_host *next; }; struct knet_listener { int sock; char ipaddr[KNET_MAX_HOST_LEN]; char port[6]; struct sockaddr_storage address; struct knet_listener *next; }; union knet_frame_data { uint8_t kfd_data[0]; struct { uint16_t kfd_node; uint8_t kfd_link; struct timespec kfd_time; }; } __attribute__((packed)); struct knet_frame { uint32_t kf_magic; uint8_t kf_version; uint8_t kf_type; uint16_t __pad; union knet_frame_data kf_payload; } __attribute__((packed)); #define kf_data kf_payload.kfd_data #define kf_node kf_payload.kfd_node #define kf_link kf_payload.kfd_link #define kf_time kf_payload.kfd_time #define KNET_FRAME_SIZE (sizeof(struct knet_frame) - sizeof(union knet_frame_data)) #define KNET_FRAME_MAGIC 0x12344321 #define KNET_FRAME_VERSION 0x01 #define KNET_FRAME_DATA 0x00 #define KNET_FRAME_PING 0x81 #define KNET_FRAME_PONG 0x82 #define KNET_FRAME_PMSK 0x80 /* ping/pong packet mask */ struct knet_handle_cfg { int fd; uint16_t node_id; char *crypto_cipher_type; char *crypto_hash_type; - char *private_key; + unsigned char *private_key; unsigned int private_key_len; }; knet_handle_t knet_handle_new(const struct knet_handle_cfg *knet_handle_cfg); void knet_handle_setfwd(knet_handle_t knet_h, int enabled); int knet_handle_free(knet_handle_t knet_h); int knet_host_add(knet_handle_t knet_h, uint16_t node_id); int knet_host_acquire(knet_handle_t knet_h, struct knet_host **host); int knet_host_get(knet_handle_t knet_h, uint16_t node_id, struct knet_host **host); int knet_host_release(knet_handle_t knet_h, struct knet_host **host); int knet_host_remove(knet_handle_t knet_h, uint16_t node_id); void knet_link_timeout(struct knet_link *lnk, time_t interval, time_t timeout, int precision); #define KNET_HOST_FOREACH_NEXT 0 /* next host */ #define KNET_HOST_FOREACH_FOUND 1 /* host found, exit loop */ struct knet_host_search { int param1; /* user parameter 1 */ void *data1; /* user data pointer 1 */ void *data2; /* user data pointer 2 */ int retval; /* search return value */ }; typedef int (*knet_link_fn_t)(knet_handle_t knet_h, struct knet_host *host, struct knet_host_search *data); int knet_host_foreach(knet_handle_t knet_h, knet_link_fn_t linkfun, struct knet_host_search *data); int knet_listener_acquire(knet_handle_t knet_h, struct knet_listener **head, int writelock); int knet_listener_release(knet_handle_t knet_h); int knet_listener_add(knet_handle_t knet_h, struct knet_listener *listener); int knet_listener_remove(knet_handle_t knet_h, struct knet_listener *listener); #endif diff --git a/libknet/totemcrypto.c b/libknet/nsscrypto.c similarity index 62% rename from libknet/totemcrypto.c rename to libknet/nsscrypto.c index dc6b863d..2e5aca54 100644 --- a/libknet/totemcrypto.c +++ b/libknet/nsscrypto.c @@ -1,737 +1,699 @@ -/* - * Copyright (c) 2006-2012 Red Hat, Inc. - * - * All rights reserved. - * - * Author: Steven Dake (sdake@redhat.com) - * Christine Caulfield (ccaulfie@redhat.com) - * Jan Friesse (jfriesse@redhat.com) - * Fabio M. Di Nitto (fdinitto@redhat.com) - * - * This software licensed under BSD license, the text of which follows: - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - Neither the name of the MontaVista Software, Inc. nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - */ - #include "config.h" #include #include #include #include #include #include -#define LOGSYS_UTILS_ONLY 1 -#include -#include -#include "totemcrypto.h" +#include "nsscrypto.h" +#include "libknet-private.h" /* * define onwire crypto header */ struct crypto_config_header { uint8_t crypto_cipher_type; uint8_t crypto_hash_type; uint8_t __pad0; uint8_t __pad1; } __attribute__((packed)); /* * crypto definitions and conversion tables */ #define SALT_SIZE 16 enum crypto_crypt_t { CRYPTO_CIPHER_TYPE_NONE = 0, CRYPTO_CIPHER_TYPE_AES256 = 1 }; CK_MECHANISM_TYPE cipher_to_nss[] = { 0, /* CRYPTO_CIPHER_TYPE_NONE */ CKM_AES_CBC_PAD /* CRYPTO_CIPHER_TYPE_AES256 */ }; size_t cipher_key_len[] = { 0, /* CRYPTO_CIPHER_TYPE_NONE */ 32, /* CRYPTO_CIPHER_TYPE_AES256 */ }; size_t cypher_block_len[] = { 0, /* CRYPTO_CIPHER_TYPE_NONE */ AES_BLOCK_SIZE /* CRYPTO_CIPHER_TYPE_AES256 */ }; /* * hash definitions and conversion tables */ enum crypto_hash_t { CRYPTO_HASH_TYPE_NONE = 0, CRYPTO_HASH_TYPE_MD5 = 1, CRYPTO_HASH_TYPE_SHA1 = 2, CRYPTO_HASH_TYPE_SHA256 = 3, CRYPTO_HASH_TYPE_SHA384 = 4, CRYPTO_HASH_TYPE_SHA512 = 5 }; CK_MECHANISM_TYPE hash_to_nss[] = { 0, /* CRYPTO_HASH_TYPE_NONE */ CKM_MD5_HMAC, /* CRYPTO_HASH_TYPE_MD5 */ CKM_SHA_1_HMAC, /* CRYPTO_HASH_TYPE_SHA1 */ CKM_SHA256_HMAC, /* CRYPTO_HASH_TYPE_SHA256 */ CKM_SHA384_HMAC, /* CRYPTO_HASH_TYPE_SHA384 */ CKM_SHA512_HMAC /* CRYPTO_HASH_TYPE_SHA512 */ }; size_t hash_len[] = { 0, /* CRYPTO_HASH_TYPE_NONE */ MD5_LENGTH, /* CRYPTO_HASH_TYPE_MD5 */ SHA1_LENGTH, /* CRYPTO_HASH_TYPE_SHA1 */ SHA256_LENGTH, /* CRYPTO_HASH_TYPE_SHA256 */ SHA384_LENGTH, /* CRYPTO_HASH_TYPE_SHA384 */ SHA512_LENGTH /* CRYPTO_HASH_TYPE_SHA512 */ }; size_t hash_block_len[] = { 0, /* CRYPTO_HASH_TYPE_NONE */ MD5_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_MD5 */ SHA1_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_SHA1 */ SHA256_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_SHA256 */ SHA384_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_SHA384 */ SHA512_BLOCK_LENGTH /* CRYPTO_HASH_TYPE_SHA512 */ }; struct crypto_instance { PK11SymKey *nss_sym_key; PK11SymKey *nss_sym_key_sign; - unsigned char private_key[1024]; + unsigned char *private_key; unsigned int private_key_len; enum crypto_crypt_t crypto_cipher_type; enum crypto_hash_t crypto_hash_type; unsigned int crypto_header_size; - - void (*log_printf_func) ( - int level, - int subsys, - const char *function, - const char *file, - int line, - const char *format, - ...)__attribute__((format(printf, 6, 7))); - - int log_level_security; - int log_level_notice; - int log_level_error; - int log_subsys_id; }; -#define log_printf(level, format, args...) \ -do { \ - instance->log_printf_func ( \ - level, instance->log_subsys_id, \ - __FUNCTION__, __FILE__, __LINE__, \ - (const char *)format, ##args); \ -} while (0); - /* * crypt/decrypt functions */ static int string_to_crypto_cipher_type(const char* crypto_cipher_type) { if (strcmp(crypto_cipher_type, "none") == 0) { return CRYPTO_CIPHER_TYPE_NONE; } else if (strcmp(crypto_cipher_type, "aes256") == 0) { return CRYPTO_CIPHER_TYPE_AES256; } - return CRYPTO_CIPHER_TYPE_AES256; + return -1; } static int init_nss_crypto(struct crypto_instance *instance) { PK11SlotInfo* crypt_slot = NULL; SECItem crypt_param; if (!cipher_to_nss[instance->crypto_cipher_type]) { return 0; } crypt_param.type = siBuffer; crypt_param.data = instance->private_key; crypt_param.len = cipher_key_len[instance->crypto_cipher_type]; crypt_slot = PK11_GetBestSlot(cipher_to_nss[instance->crypto_cipher_type], NULL); if (crypt_slot == NULL) { - log_printf(instance->log_level_security, "Unable to find security slot (err %d)", - PR_GetError()); + // log_printf(instance->log_level_security, "Unable to find security slot (err %d)", + // PR_GetError()); return -1; } instance->nss_sym_key = PK11_ImportSymKey(crypt_slot, cipher_to_nss[instance->crypto_cipher_type], PK11_OriginUnwrap, CKA_ENCRYPT|CKA_DECRYPT, &crypt_param, NULL); if (instance->nss_sym_key == NULL) { - log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)", - PR_GetError()); + // log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)", + // PR_GetError()); return -1; } PK11_FreeSlot(crypt_slot); return 0; } static int encrypt_nss( struct crypto_instance *instance, const unsigned char *buf_in, const size_t buf_in_len, unsigned char *buf_out, size_t *buf_out_len) { PK11Context* crypt_context = NULL; SECItem crypt_param; SECItem *nss_sec_param = NULL; int tmp1_outlen = 0; unsigned int tmp2_outlen = 0; unsigned char *salt = buf_out; unsigned char *data = buf_out + SALT_SIZE; int err = -1; if (!cipher_to_nss[instance->crypto_cipher_type]) { memcpy(buf_out, buf_in, buf_in_len); *buf_out_len = buf_in_len; return 0; } if (PK11_GenerateRandom (salt, SALT_SIZE) != SECSuccess) { - log_printf(instance->log_level_security, - "Failure to generate a random number %d", - PR_GetError()); + //log_printf(instance->log_level_security, + // "Failure to generate a random number %d", + // PR_GetError()); goto out; } crypt_param.type = siBuffer; crypt_param.data = salt; crypt_param.len = SALT_SIZE; nss_sec_param = PK11_ParamFromIV (cipher_to_nss[instance->crypto_cipher_type], &crypt_param); if (nss_sec_param == NULL) { - log_printf(instance->log_level_security, - "Failure to set up PKCS11 param (err %d)", - PR_GetError()); + //log_printf(instance->log_level_security, + // "Failure to set up PKCS11 param (err %d)", + // PR_GetError()); goto out; } /* * Create cipher context for encryption */ crypt_context = PK11_CreateContextBySymKey (cipher_to_nss[instance->crypto_cipher_type], CKA_ENCRYPT, instance->nss_sym_key, nss_sec_param); if (!crypt_context) { - log_printf(instance->log_level_security, - "PK11_CreateContext failed (encrypt) crypt_type=%d (err %d)", - (int)cipher_to_nss[instance->crypto_cipher_type], - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_CreateContext failed (encrypt) crypt_type=%d (err %d)", + // (int)cipher_to_nss[instance->crypto_cipher_type], + // PR_GetError()); goto out; } if (PK11_CipherOp(crypt_context, data, &tmp1_outlen, - FRAME_SIZE_MAX - instance->crypto_header_size, + KNET_FRAME_SIZE - instance->crypto_header_size, (unsigned char *)buf_in, buf_in_len) != SECSuccess) { - log_printf(instance->log_level_security, - "PK11_CipherOp failed (encrypt) crypt_type=%d (err %d)", - (int)cipher_to_nss[instance->crypto_cipher_type], - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_CipherOp failed (encrypt) crypt_type=%d (err %d)", + // (int)cipher_to_nss[instance->crypto_cipher_type], + // PR_GetError()); goto out; } if (PK11_DigestFinal(crypt_context, data + tmp1_outlen, - &tmp2_outlen, FRAME_SIZE_MAX - tmp1_outlen) != SECSuccess) { - log_printf(instance->log_level_security, - "PK11_DigestFinal failed (encrypt) crypt_type=%d (err %d)", - (int)cipher_to_nss[instance->crypto_cipher_type], - PR_GetError()); + &tmp2_outlen, KNET_FRAME_SIZE - tmp1_outlen) != SECSuccess) { + //log_printf(instance->log_level_security, + // "PK11_DigestFinal failed (encrypt) crypt_type=%d (err %d)", + // (int)cipher_to_nss[instance->crypto_cipher_type], + // PR_GetError()); goto out; } *buf_out_len = tmp1_outlen + tmp2_outlen + SALT_SIZE; err = 0; out: if (crypt_context) { PK11_DestroyContext(crypt_context, PR_TRUE); } if (nss_sec_param) { SECITEM_FreeItem(nss_sec_param, PR_TRUE); } return err; } static int decrypt_nss ( struct crypto_instance *instance, unsigned char *buf, int *buf_len) { PK11Context* decrypt_context = NULL; SECItem decrypt_param; int tmp1_outlen = 0; unsigned int tmp2_outlen = 0; unsigned char *salt = buf; unsigned char *data = salt + SALT_SIZE; int datalen = *buf_len - SALT_SIZE; - unsigned char outbuf[FRAME_SIZE_MAX]; + unsigned char outbuf[KNET_FRAME_SIZE]; int outbuf_len; int err = -1; if (!cipher_to_nss[instance->crypto_cipher_type]) { return 0; } /* Create cipher context for decryption */ decrypt_param.type = siBuffer; decrypt_param.data = salt; decrypt_param.len = SALT_SIZE; decrypt_context = PK11_CreateContextBySymKey(cipher_to_nss[instance->crypto_cipher_type], CKA_DECRYPT, instance->nss_sym_key, &decrypt_param); if (!decrypt_context) { - log_printf(instance->log_level_security, - "PK11_CreateContext (decrypt) failed (err %d)", - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_CreateContext (decrypt) failed (err %d)", + // PR_GetError()); goto out; } if (PK11_CipherOp(decrypt_context, outbuf, &tmp1_outlen, sizeof(outbuf), data, datalen) != SECSuccess) { - log_printf(instance->log_level_security, - "PK11_CipherOp (decrypt) failed (err %d)", - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_CipherOp (decrypt) failed (err %d)", + // PR_GetError()); goto out; } if (PK11_DigestFinal(decrypt_context, outbuf + tmp1_outlen, &tmp2_outlen, sizeof(outbuf) - tmp1_outlen) != SECSuccess) { - log_printf(instance->log_level_security, - "PK11_DigestFinal (decrypt) failed (err %d)", - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_DigestFinal (decrypt) failed (err %d)", + // PR_GetError()); goto out; } outbuf_len = tmp1_outlen + tmp2_outlen; memset(buf, 0, *buf_len); memcpy(buf, outbuf, outbuf_len); *buf_len = outbuf_len; err = 0; out: if (decrypt_context) { PK11_DestroyContext(decrypt_context, PR_TRUE); } return err; } /* * hash/hmac/digest functions */ static int string_to_crypto_hash_type(const char* crypto_hash_type) { if (strcmp(crypto_hash_type, "none") == 0) { return CRYPTO_HASH_TYPE_NONE; } else if (strcmp(crypto_hash_type, "md5") == 0) { return CRYPTO_HASH_TYPE_MD5; } else if (strcmp(crypto_hash_type, "sha1") == 0) { return CRYPTO_HASH_TYPE_SHA1; } else if (strcmp(crypto_hash_type, "sha256") == 0) { return CRYPTO_HASH_TYPE_SHA256; } else if (strcmp(crypto_hash_type, "sha384") == 0) { return CRYPTO_HASH_TYPE_SHA384; } else if (strcmp(crypto_hash_type, "sha512") == 0) { return CRYPTO_HASH_TYPE_SHA512; } - return CRYPTO_HASH_TYPE_SHA1; + return -1; } static int init_nss_hash(struct crypto_instance *instance) { PK11SlotInfo* hash_slot = NULL; SECItem hash_param; if (!hash_to_nss[instance->crypto_hash_type]) { return 0; } hash_param.type = siBuffer; hash_param.data = 0; hash_param.len = 0; hash_slot = PK11_GetBestSlot(hash_to_nss[instance->crypto_hash_type], NULL); if (hash_slot == NULL) { - log_printf(instance->log_level_security, "Unable to find security slot (err %d)", - PR_GetError()); + //log_printf(instance->log_level_security, "Unable to find security slot (err %d)", + // PR_GetError()); return -1; } instance->nss_sym_key_sign = PK11_ImportSymKey(hash_slot, hash_to_nss[instance->crypto_hash_type], PK11_OriginUnwrap, CKA_SIGN, &hash_param, NULL); if (instance->nss_sym_key_sign == NULL) { - log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)", - PR_GetError()); + //log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)", + // PR_GetError()); return -1; } PK11_FreeSlot(hash_slot); return 0; } static int calculate_nss_hash( struct crypto_instance *instance, const unsigned char *buf, const size_t buf_len, unsigned char *hash) { PK11Context* hash_context = NULL; SECItem hash_param; unsigned int hash_tmp_outlen = 0; unsigned char hash_block[hash_block_len[instance->crypto_hash_type]]; int err = -1; /* Now do the digest */ hash_param.type = siBuffer; hash_param.data = 0; hash_param.len = 0; hash_context = PK11_CreateContextBySymKey(hash_to_nss[instance->crypto_hash_type], CKA_SIGN, instance->nss_sym_key_sign, &hash_param); if (!hash_context) { - log_printf(instance->log_level_security, - "PK11_CreateContext failed (hash) hash_type=%d (err %d)", - (int)hash_to_nss[instance->crypto_hash_type], - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_CreateContext failed (hash) hash_type=%d (err %d)", + // (int)hash_to_nss[instance->crypto_hash_type], + // PR_GetError()); goto out; } if (PK11_DigestBegin(hash_context) != SECSuccess) { - log_printf(instance->log_level_security, - "PK11_DigestBegin failed (hash) hash_type=%d (err %d)", - (int)hash_to_nss[instance->crypto_hash_type], - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_DigestBegin failed (hash) hash_type=%d (err %d)", + // (int)hash_to_nss[instance->crypto_hash_type], + // PR_GetError()); goto out; } if (PK11_DigestOp(hash_context, buf, buf_len) != SECSuccess) { - log_printf(instance->log_level_security, - "PK11_DigestOp failed (hash) hash_type=%d (err %d)", - (int)hash_to_nss[instance->crypto_hash_type], - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_DigestOp failed (hash) hash_type=%d (err %d)", + // (int)hash_to_nss[instance->crypto_hash_type], + // PR_GetError()); goto out; } if (PK11_DigestFinal(hash_context, hash_block, &hash_tmp_outlen, hash_block_len[instance->crypto_hash_type]) != SECSuccess) { - log_printf(instance->log_level_security, - "PK11_DigestFinale failed (hash) hash_type=%d (err %d)", - (int)hash_to_nss[instance->crypto_hash_type], - PR_GetError()); + //log_printf(instance->log_level_security, + // "PK11_DigestFinale failed (hash) hash_type=%d (err %d)", + // (int)hash_to_nss[instance->crypto_hash_type], + // PR_GetError()); goto out; } memcpy(hash, hash_block, hash_len[instance->crypto_hash_type]); err = 0; out: if (hash_context) { PK11_DestroyContext(hash_context, PR_TRUE); } return err; } /* * global/glue nss functions */ static int init_nss_db(struct crypto_instance *instance) { if ((!cipher_to_nss[instance->crypto_cipher_type]) && (!hash_to_nss[instance->crypto_hash_type])) { return 0; } if (NSS_NoDB_Init(".") != SECSuccess) { - log_printf(instance->log_level_security, "NSS DB initialization failed (err %d)", - PR_GetError()); + //log_printf(instance->log_level_security, "NSS DB initialization failed (err %d)", + // PR_GetError()); return -1; } return 0; } -static int init_nss(struct crypto_instance *instance, - const char *crypto_cipher_type, - const char *crypto_hash_type) +static int init_nss(struct crypto_instance *instance) { - log_printf(instance->log_level_notice, - "Initializing transmit/receive security (NSS) crypto: %s hash: %s", - crypto_cipher_type, crypto_hash_type); + //log_printf(instance->log_level_notice, + // "Initializing transmit/receive security (NSS) crypto: %s hash: %s", + // crypto_cipher_type, crypto_hash_type); if (init_nss_db(instance) < 0) { return -1; } if (init_nss_crypto(instance) < 0) { return -1; } if (init_nss_hash(instance) < 0) { return -1; } return 0; } static int encrypt_and_sign_nss ( struct crypto_instance *instance, const unsigned char *buf_in, const size_t buf_in_len, unsigned char *buf_out, size_t *buf_out_len) { unsigned char *hash = buf_out; unsigned char *data = hash + hash_len[instance->crypto_hash_type]; if (encrypt_nss(instance, buf_in, buf_in_len, data, buf_out_len) < 0) { return -1; } if (hash_to_nss[instance->crypto_hash_type]) { if (calculate_nss_hash(instance, data, *buf_out_len, hash) < 0) { return -1; } *buf_out_len = *buf_out_len + hash_len[instance->crypto_hash_type]; } return 0; } static int authenticate_and_decrypt_nss ( struct crypto_instance *instance, unsigned char *buf, int *buf_len) { if (hash_to_nss[instance->crypto_hash_type]) { unsigned char tmp_hash[hash_len[instance->crypto_hash_type]]; unsigned char *hash = buf; unsigned char *data = hash + hash_len[instance->crypto_hash_type]; int datalen = *buf_len - hash_len[instance->crypto_hash_type]; if (calculate_nss_hash(instance, data, datalen, tmp_hash) < 0) { return -1; } if (memcmp(tmp_hash, hash, hash_len[instance->crypto_hash_type]) != 0) { - log_printf(instance->log_level_error, "Digest does not match"); + //log_printf(instance->log_level_error, "Digest does not match"); return -1; } memmove(buf, data, datalen); *buf_len = datalen; } if (decrypt_nss(instance, buf, buf_len) < 0) { return -1; } return 0; } /* * exported API */ size_t crypto_sec_header_size( const char *crypto_cipher_type, const char *crypto_hash_type) { int crypto_cipher = string_to_crypto_cipher_type(crypto_cipher_type); int crypto_hash = string_to_crypto_hash_type(crypto_hash_type); size_t hdr_size = 0; hdr_size = sizeof(struct crypto_config_header); if (crypto_hash) { hdr_size += hash_len[crypto_hash]; } if (crypto_cipher) { hdr_size += SALT_SIZE; hdr_size += cypher_block_len[crypto_cipher]; } return hdr_size; } int crypto_encrypt_and_sign ( struct crypto_instance *instance, const unsigned char *buf_in, const size_t buf_in_len, unsigned char *buf_out, size_t *buf_out_len) { struct crypto_config_header *cch = (struct crypto_config_header *)buf_out; int err; cch->crypto_cipher_type = instance->crypto_cipher_type; cch->crypto_hash_type = instance->crypto_hash_type; cch->__pad0 = 0; cch->__pad1 = 0; buf_out += sizeof(struct crypto_config_header); err = encrypt_and_sign_nss(instance, buf_in, buf_in_len, buf_out, buf_out_len); *buf_out_len = *buf_out_len + sizeof(struct crypto_config_header); return err; } int crypto_authenticate_and_decrypt (struct crypto_instance *instance, unsigned char *buf, int *buf_len) { struct crypto_config_header *cch = (struct crypto_config_header *)buf; /* * decode crypto config of incoming packets */ if (cch->crypto_cipher_type != instance->crypto_cipher_type) { - log_printf(instance->log_level_security, - "Incoming packet has different crypto type. Rejecting"); + //log_printf(instance->log_level_security, + // "Incoming packet has different crypto type. Rejecting"); return -1; } if (cch->crypto_hash_type != instance->crypto_hash_type) { - log_printf(instance->log_level_security, - "Incoming packet has different hash type. Rejecting"); + //log_printf(instance->log_level_security, + // "Incoming packet has different hash type. Rejecting"); return -1; } if ((cch->__pad0 != 0) || (cch->__pad1 != 0)) { - log_printf(instance->log_level_security, - "Incoming packet appears to have features not supported by this version of corosync. Rejecting"); + //log_printf(instance->log_level_security, + // "Incoming packet appears to have features not supported by this version of corosync. Rejecting"); return -1; } /* * invalidate config header and kill it */ cch = NULL; *buf_len -= sizeof(struct crypto_config_header); memmove(buf, buf + sizeof(struct crypto_config_header), *buf_len); return authenticate_and_decrypt_nss(instance, buf, buf_len); } -struct crypto_instance *crypto_init( - const unsigned char *private_key, - unsigned int private_key_len, - const char *crypto_cipher_type, - const char *crypto_hash_type, - void (*log_printf_func) ( - int level, - int subsys, - const char *function, - const char *file, - int line, - const char *format, - ...)__attribute__((format(printf, 6, 7))), - int log_level_security, - int log_level_notice, - int log_level_error, - int log_subsys_id) +int crypto_init( + knet_handle_t knet_h, + const struct knet_handle_cfg *knet_handle_cfg) { - struct crypto_instance *instance; - instance = malloc(sizeof(*instance)); - if (instance == NULL) { - return (NULL); + knet_h->crypto_instance = malloc(sizeof(struct crypto_instance)); + if (!knet_h->crypto_instance) { + return -1; } - memset(instance, 0, sizeof(struct crypto_instance)); - memcpy(instance->private_key, private_key, private_key_len); - instance->private_key_len = private_key_len; + memset(knet_h->crypto_instance, 0, sizeof(struct crypto_instance)); - instance->crypto_cipher_type = string_to_crypto_cipher_type(crypto_cipher_type); - instance->crypto_hash_type = string_to_crypto_hash_type(crypto_hash_type); + if (!knet_handle_cfg->crypto_cipher_type) { + goto out_err; + } - instance->crypto_header_size = crypto_sec_header_size(crypto_cipher_type, crypto_hash_type); + knet_h->crypto_instance->crypto_cipher_type = string_to_crypto_cipher_type(knet_handle_cfg->crypto_cipher_type); + if (knet_h->crypto_instance->crypto_cipher_type < 0) { + goto out_err; + } - instance->log_printf_func = log_printf_func; - instance->log_level_security = log_level_security; - instance->log_level_notice = log_level_notice; - instance->log_level_error = log_level_error; - instance->log_subsys_id = log_subsys_id; + if (!knet_handle_cfg->crypto_hash_type) { + goto out_err; + } - if (init_nss(instance, crypto_cipher_type, crypto_hash_type) < 0) { - free(instance); - return(NULL); + knet_h->crypto_instance->crypto_hash_type = string_to_crypto_hash_type(knet_handle_cfg->crypto_hash_type); + if (knet_h->crypto_instance->crypto_hash_type < 0) { + goto out_err; } - return (instance); + knet_h->crypto_instance->private_key = knet_handle_cfg->private_key; + knet_h->crypto_instance->private_key_len = knet_handle_cfg->private_key_len; + + if ((knet_h->crypto_instance->crypto_cipher_type > 0) || + (knet_h->crypto_instance->crypto_hash_type > 0)) { + if ((!knet_h->crypto_instance->private_key) || + (knet_h->crypto_instance->private_key_len < 1024)) { + goto out_err; + } + } + + knet_h->crypto_instance->private_key = knet_handle_cfg->private_key; + knet_h->crypto_instance->private_key_len = knet_handle_cfg->private_key_len; + + knet_h->crypto_instance->crypto_header_size = crypto_sec_header_size(knet_handle_cfg->crypto_cipher_type, knet_handle_cfg->crypto_hash_type); + + if (init_nss(knet_h->crypto_instance) < 0) { + goto out_err; + } + + return 0; + +out_err: + free(knet_h->crypto_instance); + knet_h->crypto_instance = NULL; + return -1; +} + +void crypto_fini( + knet_handle_t knet_h) +{ + if (knet_h->crypto_instance) { + if (knet_h->crypto_instance->nss_sym_key) + PK11_FreeSymKey(knet_h->crypto_instance->nss_sym_key); + if (knet_h->crypto_instance->nss_sym_key_sign) + PK11_FreeSymKey(knet_h->crypto_instance->nss_sym_key_sign); + free(knet_h->crypto_instance); + knet_h->crypto_instance = NULL; + } + + return; } diff --git a/libknet/nsscrypto.h b/libknet/nsscrypto.h new file mode 100644 index 00000000..124dbe52 --- /dev/null +++ b/libknet/nsscrypto.h @@ -0,0 +1,32 @@ +#ifndef NSSCRYPTO_H_DEFINED +#define NSSCRYPTO_H_DEFINED + +#include +#include "libknet.h" + +struct crypto_instance; + +size_t crypto_sec_header_size( + const char *crypto_cipher_type, + const char *crypto_hash_type); + +int crypto_authenticate_and_decrypt ( + struct crypto_instance *instance, + unsigned char *buf, + int *buf_len); + +int crypto_encrypt_and_sign ( + struct crypto_instance *instance, + const unsigned char *buf_in, + const size_t buf_in_len, + unsigned char *buf_out, + size_t *buf_out_len); + +int crypto_init( + knet_handle_t knet_h, + const struct knet_handle_cfg *knet_handle_cfg); + +void crypto_fini( + knet_handle_t knet_h); + +#endif /* NSSCRYPTO_H_DEFINED */ diff --git a/libknet/totemcrypto.h b/libknet/totemcrypto.h deleted file mode 100644 index 7c06c391..00000000 --- a/libknet/totemcrypto.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2006-2012 Red Hat, Inc. - * - * All rights reserved. - * - * Author: Steven Dake (sdake@redhat.com) - * Christine Caulfield (ccaulfie@redhat.com) - * Jan Friesse (jfriesse@redhat.com) - * - * This software licensed under BSD license, the text of which follows: - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * - Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - Neither the name of the MontaVista Software, Inc. nor the names of its - * contributors may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef TOTEMCRYPTO_H_DEFINED -#define TOTEMCRYPTO_H_DEFINED - -#include - -struct crypto_instance; - -extern size_t crypto_sec_header_size( - const char *crypto_cipher_type, - const char *crypto_hash_type); - -extern int crypto_authenticate_and_decrypt ( - struct crypto_instance *instance, - unsigned char *buf, - int *buf_len); - -extern int crypto_encrypt_and_sign ( - struct crypto_instance *instance, - const unsigned char *buf_in, - const size_t buf_in_len, - unsigned char *buf_out, - size_t *buf_out_len); - -extern struct crypto_instance *crypto_init( - const unsigned char *private_key, - unsigned int private_key_len, - const char *crypto_cipher_type, - const char *crypto_hash_type, - void (*log_printf_func) ( - int level, - int subsys, - const char *function, - const char *file, - int line, - const char *format, - ...)__attribute__((format(printf, 6, 7))), - int log_level_security, - int log_level_notice, - int log_level_error, - int log_subsys_id); - -#endif /* TOTEMCRYPTO_H_DEFINED */ diff --git a/tests/Makefile.am b/tests/Makefile.am index 23f9a910..e275f2f7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,46 +1,46 @@ MAINTAINERCLEANFILES = Makefile.in VALGRIND = valgrind -q --error-exitcode=127 --track-fds=yes --leak-check=full HELGRIND = valgrind -v --tool=helgrind check-valgrind: $(check_PROGRAMS) $(MAKE) TESTS_ENVIRONMENT="$(VALGRIND)" check check-helgrind: $(check_PROGRAMS) $(MAKE) TESTS_ENVIRONMENT="$(HELGRIND)" check noinst_PROGRAMS = \ ping_test \ khandle_test \ lookup_bench \ $(check_PROGRAMS) check_PROGRAMS = \ netutils_test \ listener_test \ timediff_test TESTS = $(check_PROGRAMS) AM_CPPFLAGS = -DTEST \ -I$(srcdir)/../libtap/ \ -I$(srcdir)/../libknet/ \ -I$(srcdir)/../kronosnetd/ AM_LDFLAGS = \ $(top_builddir)/libtap/libtap.la \ - $(top_builddir)/libknet/libknet.a + $(top_builddir)/libknet/libknet.la ping_test_SOURCES = ping_test.c khandle_test_SOURCES = khandle_test.c lookup_bench_SOURCES = lookup_bench.c \ $(srcdir)/../kronosnetd/netutils.c listener_test_SOURCES = listener_test.c netutils_test_SOURCES = netutils_test.c \ $(srcdir)/../kronosnetd/netutils.c timediff_test_SOURCES = timediff_test.c diff --git a/tests/khandle_test.c b/tests/khandle_test.c index b8fcebd5..f61dbd39 100644 --- a/tests/khandle_test.c +++ b/tests/khandle_test.c @@ -1,61 +1,63 @@ #include "config.h" #include #include #include #include #include #include "libknet.h" #define HOST_LIST_SIZE 8192 #define HOST_LIST_LOOP 64 static int host_loop(knet_handle_t knet_h, struct knet_host *host, struct knet_host_search *search) { host->active = 1; search->param1++; return KNET_HOST_FOREACH_NEXT; } int main(int argc, char *argv[]) { int sock, i, j; knet_handle_t knet_h; struct knet_host_search search; struct knet_handle_cfg knet_handle_cfg; sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { printf("Unable to create new socket\n"); exit(EXIT_FAILURE); } memset(&knet_handle_cfg, 0, sizeof(struct knet_handle_cfg)); knet_handle_cfg.fd = sock; knet_handle_cfg.node_id = 1; + knet_handle_cfg.crypto_cipher_type = (char *)"none"; + knet_handle_cfg.crypto_hash_type = (char *)"none"; knet_h = knet_handle_new(&knet_handle_cfg); for (i = 0; i < HOST_LIST_SIZE; i++) knet_host_add(knet_h, i); search.param1 = 0; for (i = 0; i < HOST_LIST_SIZE; i++) { for (j = 0; j < HOST_LIST_LOOP; j++) { knet_host_foreach(knet_h, host_loop, &search); } knet_host_remove(knet_h, i); } printf("Loop count: %u times\n", (unsigned int) search.param1); if (knet_handle_free(knet_h) != 0) { printf("Unable to free knet_handle\n"); exit(EXIT_FAILURE); } return 0; } diff --git a/tests/listener_test.c b/tests/listener_test.c index f0c90c13..3320a9a9 100644 --- a/tests/listener_test.c +++ b/tests/listener_test.c @@ -1,139 +1,141 @@ #include "config.h" #include #include #include #include #include #include "libknet-private.h" #define KNET_TEST_PORT 50000 static knet_handle_t knet_h; struct knet_listener *listener; static void test_add_listener(void) { struct sockaddr_in *address; listener = malloc(sizeof(struct knet_listener)); if (listener == NULL) { printf("Unable to create listener\n"); exit(EXIT_FAILURE); } memset(listener, 0, sizeof(struct knet_listener)); address = (struct sockaddr_in *) &listener->address; address->sin_family = AF_INET; address->sin_port = htons(KNET_TEST_PORT); address->sin_addr.s_addr = INADDR_ANY; if (knet_listener_add(knet_h, listener) != 0) { printf("Unable to add listener\n"); exit(EXIT_FAILURE); } } static void test_add_host(void) { struct knet_host *host; if (knet_host_add(knet_h, 1) != 0) { printf("Unable to add host to knet_handle\n"); exit(EXIT_FAILURE); } knet_host_get(knet_h, 1, &host); host->link[0].sock = listener->sock; host->link[0].ready = 1; knet_host_release(knet_h, &host); } int main(int argc, char *argv[]) { int err, sock; struct epoll_event ev; struct knet_handle_cfg knet_handle_cfg; sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { printf("Unable to create new socket\n"); exit(EXIT_FAILURE); } memset(&knet_handle_cfg, 0, sizeof(struct knet_handle_cfg)); knet_handle_cfg.fd = sock; knet_handle_cfg.node_id = 1; + knet_handle_cfg.crypto_cipher_type = (char *)"none"; + knet_handle_cfg.crypto_hash_type = (char *)"none"; if ((knet_h = knet_handle_new(&knet_handle_cfg)) == NULL) { printf("Unable to create new knet_handle_t\n"); exit(EXIT_FAILURE); } printf("Adding listener to handle\n"); test_add_listener(); memset(&ev, 0, sizeof(struct epoll_event)); /* don't try this at home :) */ err = epoll_ctl(knet_h->recv_from_links_epollfd, EPOLL_CTL_ADD, listener->sock, &ev); if (err != -1) { printf("Listener file descriptor not found in epollfd\n"); exit(EXIT_FAILURE); } printf("Listener file descriptor was added to epollfd\n"); printf("Adding host to handle\n"); test_add_host(); err = knet_listener_remove(knet_h, listener); if (err != -EBUSY) { printf("Listener socket should be in use\n"); exit(EXIT_FAILURE); } printf("Unable to remove listener with active links\n"); printf("Removing host from handle\n"); err = knet_host_remove(knet_h, 1); if (err != 0) { printf("Unable to remove host from knet_handle\n"); exit(EXIT_FAILURE); } printf("Removing listener\n"); err = knet_listener_remove(knet_h, listener); if (err != 0) { printf("Unable to remove listener from knet_handle\n"); exit(EXIT_FAILURE); } /* don't try this at home :) */ err = epoll_ctl(knet_h->recv_from_links_epollfd, EPOLL_CTL_DEL, listener->sock, &ev); if (err != -1) { printf("Listener file was present in epollfd\n"); exit(EXIT_FAILURE); } printf("Listener file descriptor was removed from epollfd\n"); if (knet_handle_free(knet_h) != 0) { printf("Unable to free knet_handle\n"); exit(EXIT_FAILURE); } return 0; } diff --git a/tests/ping_test.c b/tests/ping_test.c index 88f3bb7d..f5345984 100644 --- a/tests/ping_test.c +++ b/tests/ping_test.c @@ -1,216 +1,226 @@ #include "config.h" #include #include #include #include #include #include #include #include "libknet.h" +static unsigned char crypto_key[4096]; static int knet_sock[2]; static knet_handle_t knet_h; static in_port_t tok_inport(char *str) { int value = atoi(str); if ((value < 0) || (value > UINT16_MAX)) return 0; return (in_port_t) value; } static int tok_inaddrport(char *str, struct sockaddr_in *addr) { char *strhost, *strport, *tmp = NULL; strhost = strtok_r(str, ":", &tmp); strport = strtok_r(NULL, ":", &tmp); if (strport == NULL) addr->sin_port = htons(KNET_RING_DEFPORT); else addr->sin_port = htons(tok_inport(strport)); return inet_aton(strhost, &addr->sin_addr); } static void print_usage(char *name) { printf("usage: %s [:] [:port] [...]\n", name); printf("example: %s 0.0.0.0 192.168.0.2\n", name); } static void argv_to_hosts(int argc, char *argv[]) { int err, i; struct sockaddr_in *address; struct knet_host *host; struct knet_listener *listener; listener = malloc(sizeof(struct knet_listener)); if (listener == NULL) { printf("Unable to create listener\n"); exit(EXIT_FAILURE); } memset(listener, 0, sizeof(struct knet_listener)); address = (struct sockaddr_in *) &listener->address; address->sin_family = AF_INET; err = tok_inaddrport(argv[1], address); if (err < 0) { printf("Unable to convert ip address: %s\n", argv[1]); exit(EXIT_FAILURE); } err = knet_listener_add(knet_h, listener); if (err != 0) { printf("Unable to start knet listener\n"); exit(EXIT_FAILURE); } for (i = 2; i < argc; i++) { if (knet_host_add(knet_h, i - 1) != 0) { printf("Unable to add new knet_host\n"); exit(EXIT_FAILURE); } knet_host_get(knet_h, i - 1, &host); host->link[0].sock = listener->sock; host->link[0].address.ss_family = AF_INET; knet_link_timeout(&host->link[0], 1000, 5000, 2048); host->link[0].ready = 1; err = tok_inaddrport(argv[i], (struct sockaddr_in *) &host->link[0].address); if (err < 0) { printf("Unable to convert ip address: %s", argv[i]); exit(EXIT_FAILURE); } knet_host_release(knet_h, &host); } } /* Testing the latency/timeout: * # tc qdisc add dev lo root handle 1:0 netem delay 1s limit 1000 * # tc -d qdisc show dev lo * # tc qdisc del dev lo root */ static int print_link(knet_handle_t khandle, struct knet_host *host, struct knet_host_search *data) { int i; for (i = 0; i < KNET_MAX_LINK; i++) { if (host->link[i].ready != 1) continue; printf("host %p, link %p latency is %llu microsecs, status: %s\n", host, &host->link[i], host->link[i].latency, (host->link[i].enabled == 0) ? "disabled" : "enabled"); } return KNET_HOST_FOREACH_NEXT; } static void sigint_handler(int signum) { int err; printf("Cleaning up...\n"); if (knet_h != NULL) { err = knet_handle_free(knet_h); if (err != 0) { printf("Unable to cleanup before exit\n"); exit(EXIT_FAILURE); } } exit(EXIT_SUCCESS); } int main(int argc, char *argv[]) { char buff[1024]; size_t len; fd_set rfds; struct timeval tv; struct knet_host_search print_search; struct knet_handle_cfg knet_handle_cfg; if (argc < 3) { print_usage(argv[0]); exit(EXIT_FAILURE); } if (socketpair(AF_UNIX, SOCK_STREAM, IPPROTO_IP, knet_sock) != 0) { printf("Unable to create socket\n"); exit(EXIT_FAILURE); } knet_h = NULL; if (signal(SIGINT, sigint_handler) == SIG_ERR) { printf("Unable to configure SIGINT handler\n"); exit(EXIT_FAILURE); } memset(&knet_handle_cfg, 0, sizeof(struct knet_handle_cfg)); knet_handle_cfg.fd = knet_sock[0]; knet_handle_cfg.node_id = 1; + knet_handle_cfg.crypto_cipher_type = (char *)"aes256"; + knet_handle_cfg.crypto_hash_type = (char *)"sha512"; + knet_handle_cfg.private_key = crypto_key; + knet_handle_cfg.private_key_len = sizeof(crypto_key); + + /* + * fake a 4KB key of all 0's + */ + memset(knet_handle_cfg.private_key, 0, sizeof(crypto_key)); if ((knet_h = knet_handle_new(&knet_handle_cfg)) == NULL) { printf("Unable to create new knet_handle_t\n"); exit(EXIT_FAILURE); } - + argv_to_hosts(argc, argv); knet_handle_setfwd(knet_h, 1); while (1) { knet_host_foreach(knet_h, print_link, &print_search); printf("Sending 'Hello World!' frame\n"); write(knet_sock[1], "Hello World!", 13); tv.tv_sec = 5; tv.tv_usec = 0; select_loop: FD_ZERO(&rfds); FD_SET(knet_sock[1], &rfds); len = select(FD_SETSIZE, &rfds, NULL, NULL, &tv); /* uncomment this to replicate the one-message problem */ /* usleep(500000); */ if (len < 0) { printf("Unable select over knet_handle_t\n"); exit(EXIT_FAILURE); } else if (FD_ISSET(knet_sock[1], &rfds)) { len = read(knet_sock[1], buff, sizeof(buff)); printf("Received data (%zu bytes): '%s'\n", len, buff); } if ((tv.tv_sec > 0) || (tv.tv_usec > 0)) goto select_loop; } /* FIXME: allocated hosts should be free'd */ return 0; }