wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros.
@@ -31,16 +31,10 @@
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
# include <wolfsentry/wolfsentry.h>
|
||||
# include <wolfsentry/wolfsentry_util.h>
|
||||
# include <wolfsentry/wolfsentry_json.h>
|
||||
|
||||
static struct wolfsentry_context *wolfsentry = NULL;
|
||||
|
||||
#include <wolfsentry/wolfsentry.h>
|
||||
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
|
||||
static const char *wolfsentry_config_path = NULL;
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
||||
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
|
||||
@@ -52,10 +46,6 @@ static const char *wolfsentry_config_path = NULL;
|
||||
|
||||
#include <wolfssl/test.h>
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
#define tcp_connect(sockfd, ip, port, udp, sctp, ssl) tcp_connect_with_wolfSentry(sockfd, ip, port, udp, sctp, ssl, wolfsentry)
|
||||
#endif
|
||||
|
||||
#include <examples/client/client.h>
|
||||
#include <wolfssl/error-ssl.h>
|
||||
|
||||
@@ -2573,125 +2563,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
wolfsentry_ret = wolfsentry_init(NULL /* hpi */, NULL /* default config */,
|
||||
&wolfsentry);
|
||||
if (wolfsentry_ret < 0) {
|
||||
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT) < 0)
|
||||
err_sys("unable to initialize wolfSentry");
|
||||
}
|
||||
|
||||
if (wolfsentry_data_index < 0)
|
||||
wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL,
|
||||
NULL);
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
|
||||
if (wolfsentry_config_path != NULL) {
|
||||
char buf[512], err_buf[512];
|
||||
struct wolfsentry_json_process_state *jps;
|
||||
|
||||
FILE *f = fopen(wolfsentry_config_path, "r");
|
||||
|
||||
if (f == NULL) {
|
||||
fprintf(stderr, "fopen(%s): %s\n",wolfsentry_config_path,strerror(errno));
|
||||
err_sys("unable to open wolfSentry config file");
|
||||
}
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_config_json_init(
|
||||
wolfsentry,
|
||||
WOLFSENTRY_CONFIG_LOAD_FLAG_NONE,
|
||||
&jps)) < 0) {
|
||||
fprintf(stderr, "wolfsentry_config_json_init() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
err_sys("error while initlalizing wolfSentry config parser");
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
size_t n = fread(buf, 1, sizeof buf, f);
|
||||
if ((n < sizeof buf) && ferror(f)) {
|
||||
fprintf(stderr,"fread(%s): %s\n",wolfsentry_config_path, strerror(errno));
|
||||
err_sys("error while reading wolfSentry config file");
|
||||
}
|
||||
|
||||
wolfsentry_ret = wolfsentry_config_json_feed(jps, buf, n, err_buf, sizeof err_buf);
|
||||
if (wolfsentry_ret < 0) {
|
||||
fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
|
||||
err_sys("error while loading wolfSentry config file");
|
||||
}
|
||||
if ((n < sizeof buf) && feof(f))
|
||||
break;
|
||||
}
|
||||
fclose(f);
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_config_json_fini(jps, err_buf, sizeof err_buf)) < 0) {
|
||||
fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
|
||||
err_sys("error while loading wolfSentry config file");
|
||||
}
|
||||
|
||||
} else
|
||||
#endif /* !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) */
|
||||
{
|
||||
|
||||
struct wolfsentry_route_table *table;
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_route_get_table_static(wolfsentry,
|
||||
&table)) < 0)
|
||||
fprintf(stderr, "wolfsentry_route_get_table_static() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
if (wolfsentry_ret >= 0) {
|
||||
if ((wolfsentry_ret = wolfsentry_route_table_default_policy_set(
|
||||
wolfsentry, table,
|
||||
WOLFSENTRY_ACTION_RES_ACCEPT))
|
||||
< 0)
|
||||
fprintf(stderr,
|
||||
"wolfsentry_route_table_default_policy_set() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
}
|
||||
|
||||
if (wolfsentry_ret >= 0) {
|
||||
struct {
|
||||
struct wolfsentry_sockaddr sa;
|
||||
byte buf[16];
|
||||
} remote, local;
|
||||
wolfsentry_ent_id_t id;
|
||||
wolfsentry_action_res_t action_results;
|
||||
|
||||
memset(&remote, 0, sizeof remote);
|
||||
memset(&local, 0, sizeof local);
|
||||
#ifdef TEST_IPV6
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET6;
|
||||
remote.sa.addr_len = 128;
|
||||
memcpy(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
|
||||
#else
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET;
|
||||
remote.sa.addr_len = 32;
|
||||
memcpy(remote.sa.addr, "\177\000\000\001", 4);
|
||||
#endif
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_route_insert_static
|
||||
(wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa,
|
||||
WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
|
||||
WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT |
|
||||
WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_REMOTE_INTERFACE_WILDCARD|
|
||||
WOLFSENTRY_ROUTE_FLAG_LOCAL_INTERFACE_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
|
||||
0 /* event_label_len */, 0 /* event_label */, &id,
|
||||
&action_results)) < 0)
|
||||
fprintf(stderr, "wolfsentry_route_insert_static() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
}
|
||||
|
||||
if (wolfsentry_ret < 0)
|
||||
err_sys("unable to configure route table");
|
||||
}
|
||||
|
||||
if (wolfSSL_CTX_set_ConnectFilter(
|
||||
ctx,
|
||||
|
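Review bot: The new call `wolfsentry_setup(&wolfsentry, wolfsentry_config_path, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT)` is unconditional, but `wolfsentry_config_path` is declared only under `#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)` (that guard survives the first hunk, going by its line counts), so a build with either macro defined now fails on an undeclared identifier where the deleted code kept every use of the variable inside the same guard. The simplest fix is to declare it unconditionally inside the `WOLFSSL_WOLFSENTRY_HOOKS` block, dropping the inner `#if`/`#endif`, so the non-JSON build passes NULL and wolfsentry_setup() takes its fallback route-table path. Dropping the `wolfsentry` static and the `tcp_connect` macro from client.c is fine only because test.h now defines both, which in turn requires `<wolfsentry/wolfsentry.h>` to be included before `<wolfssl/test.h>` as this file does; a one-line comment on the include, `/* must precede wolfssl/test.h, which keys its wolfSentry support on WOLFSENTRY_H */`, would stop a future reorder from silently disabling the filter. client_test() starts and ends outside the hunk.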
@@ -36,15 +36,11 @@
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
# include <wolfsentry/wolfsentry.h>
|
||||
# include <wolfsentry/wolfsentry_util.h>
|
||||
# include <wolfsentry/wolfsentry_json.h>
|
||||
|
||||
#include <wolfsentry/wolfsentry.h>
|
||||
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
|
||||
static const char *wolfsentry_config_path = NULL;
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
||||
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
|
||||
#include <stdio.h>
|
||||
@@ -1119,7 +1115,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
SSL_CTX* ctx = 0;
|
||||
SSL* ssl = 0;
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
struct wolfsentry_context *wolfsentry = NULL;
|
||||
wolfsentry_errcode_t wolfsentry_ret;
|
||||
#endif
|
||||
|
||||
@@ -1984,125 +1979,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
||||
err_sys_ex(catastrophic, "unable to get ctx");
|
||||
|
||||
#ifdef WOLFSSL_WOLFSENTRY_HOOKS
|
||||
wolfsentry_ret = wolfsentry_init(NULL /* hpi */, NULL /* default config */,
|
||||
&wolfsentry);
|
||||
if (wolfsentry_ret < 0) {
|
||||
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
err_sys_ex(catastrophic, "unable to initialize wolfSentry");
|
||||
}
|
||||
|
||||
if (wolfsentry_data_index < 0)
|
||||
wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL,
|
||||
NULL);
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
|
||||
if (wolfsentry_config_path != NULL) {
|
||||
char buf[512], err_buf[512];
|
||||
struct wolfsentry_json_process_state *jps;
|
||||
|
||||
FILE *f = fopen(wolfsentry_config_path, "r");
|
||||
|
||||
if (f == NULL) {
|
||||
fprintf(stderr, "fopen(%s): %s\n",wolfsentry_config_path,strerror(errno));
|
||||
err_sys_ex(catastrophic, "unable to open wolfSentry config file");
|
||||
}
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_config_json_init(
|
||||
wolfsentry,
|
||||
WOLFSENTRY_CONFIG_LOAD_FLAG_NONE,
|
||||
&jps)) < 0) {
|
||||
fprintf(stderr, "wolfsentry_config_json_init() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
err_sys_ex(catastrophic, "error while initlalizing wolfSentry config parser");
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
size_t n = fread(buf, 1, sizeof buf, f);
|
||||
if ((n < sizeof buf) && ferror(f)) {
|
||||
fprintf(stderr,"fread(%s): %s\n",wolfsentry_config_path, strerror(errno));
|
||||
err_sys_ex(catastrophic, "error while reading wolfSentry config file");
|
||||
}
|
||||
|
||||
wolfsentry_ret = wolfsentry_config_json_feed(jps, buf, n, err_buf, sizeof err_buf);
|
||||
if (wolfsentry_ret < 0) {
|
||||
fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
|
||||
err_sys_ex(catastrophic, "error while loading wolfSentry config file");
|
||||
}
|
||||
if ((n < sizeof buf) && feof(f))
|
||||
break;
|
||||
}
|
||||
fclose(f);
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_config_json_fini(jps, err_buf, sizeof err_buf)) < 0) {
|
||||
fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
|
||||
err_sys_ex(catastrophic, "error while loading wolfSentry config file");
|
||||
}
|
||||
|
||||
} else
|
||||
#endif /* !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) */
|
||||
{
|
||||
struct wolfsentry_route_table *table;
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_route_get_table_static(wolfsentry,
|
||||
&table)) < 0)
|
||||
fprintf(stderr, "wolfsentry_route_get_table_static() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
if (wolfsentry_ret >= 0) {
|
||||
if ((wolfsentry_ret = wolfsentry_route_table_default_policy_set(
|
||||
wolfsentry, table,
|
||||
WOLFSENTRY_ACTION_RES_REJECT|WOLFSENTRY_ACTION_RES_STOP))
|
||||
< 0)
|
||||
fprintf(stderr,
|
||||
"wolfsentry_route_table_default_policy_set() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
}
|
||||
|
||||
if (wolfsentry_ret >= 0) {
|
||||
struct {
|
||||
struct wolfsentry_sockaddr sa;
|
||||
byte buf[16];
|
||||
} remote, local;
|
||||
wolfsentry_ent_id_t id;
|
||||
wolfsentry_action_res_t action_results;
|
||||
|
||||
memset(&remote, 0, sizeof remote);
|
||||
memset(&local, 0, sizeof local);
|
||||
#ifdef TEST_IPV6
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET6;
|
||||
remote.sa.addr_len = 128;
|
||||
memcpy(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
|
||||
#else
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET;
|
||||
remote.sa.addr_len = 32;
|
||||
memcpy(remote.sa.addr, "\177\000\000\001", 4);
|
||||
#endif
|
||||
|
||||
if ((wolfsentry_ret = wolfsentry_route_insert_static
|
||||
(wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa,
|
||||
WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
|
||||
WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN |
|
||||
WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_REMOTE_INTERFACE_WILDCARD|
|
||||
WOLFSENTRY_ROUTE_FLAG_LOCAL_INTERFACE_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
|
||||
0 /* event_label_len */, 0 /* event_label */, &id,
|
||||
&action_results)) < 0)
|
||||
fprintf(stderr, "wolfsentry_route_insert_static() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
|
||||
}
|
||||
|
||||
if (wolfsentry_ret < 0)
|
||||
err_sys_ex(catastrophic, "unable to configure route table");
|
||||
}
|
||||
|
||||
if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) < 0)
|
||||
err_sys("unable to initialize wolfSentry");
|
||||
|
||||
if (wolfSSL_CTX_set_AcceptFilter(
|
||||
ctx,
|
||||
|
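Review bot: The replacement reports failure with `err_sys("unable to initialize wolfSentry")` where the removed block used `err_sys_ex(catastrophic, …)` throughout, so the server drops the non-catastrophic reporting path the rest of server_test() uses (err_sys_ex's behaviour when catastrophic is unset is outside the hunk; if it is non-fatal, this is a behaviour change worth a deliberate decision). Since wolfsentry_setup() itself exits via err_sys() on init and config-load failures, only the route-table path can reach this check, and `if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) < 0) err_sys_ex(catastrophic, "unable to initialize wolfSentry");` keeps the server's convention at least there. The hunk at -1119 removes one of the two wolfSentry locals; if `wolfsentry_errcode_t wolfsentry_ret;` is the survivor it is now unused in server_test(), as every use of it was in the deleted block. The `wolfsentry_config_path` argument is also only declared under `#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)`, so the unconditional call does not compile when either macro is set.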
@@ -1025,7 +1025,7 @@ int wolfSSL_CTX_set_AcceptFilter(
|
||||
return BAD_FUNC_ARG;
|
||||
ctx->AcceptFilter = AcceptFilter;
|
||||
ctx->AcceptFilter_arg = AcceptFilter_arg;
|
||||
return WOLFSSL_SUCCESS;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wolfSSL_set_AcceptFilter(
|
||||
@@ -1037,7 +1037,7 @@ int wolfSSL_set_AcceptFilter(
|
||||
return BAD_FUNC_ARG;
|
||||
ssl->AcceptFilter = AcceptFilter;
|
||||
ssl->AcceptFilter_arg = AcceptFilter_arg;
|
||||
return WOLFSSL_SUCCESS;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wolfSSL_CTX_set_ConnectFilter(
|
||||
@@ -1049,7 +1049,7 @@ int wolfSSL_CTX_set_ConnectFilter(
|
||||
return BAD_FUNC_ARG;
|
||||
ctx->ConnectFilter = ConnectFilter;
|
||||
ctx->ConnectFilter_arg = ConnectFilter_arg;
|
||||
return WOLFSSL_SUCCESS;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wolfSSL_set_ConnectFilter(
|
||||
@@ -1061,7 +1061,7 @@ int wolfSSL_set_ConnectFilter(
|
||||
return BAD_FUNC_ARG;
|
||||
ssl->ConnectFilter = ConnectFilter;
|
||||
ssl->ConnectFilter_arg = ConnectFilter_arg;
|
||||
return WOLFSSL_SUCCESS;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
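Review bot: The four setters now return WOLFSSL_SUCCESS instead of 0, but the only call sites visible in this commit (`wolfSSL_CTX_set_ConnectFilter(` and `wolfSSL_CTX_set_AcceptFilter(` in the examples) are cut off at their hunk edges, so it cannot be confirmed here that their checks moved from a zero test to `!= WOLFSSL_SUCCESS`; any caller still testing for zero will now treat success as failure and, for the accept filter, abort a server that is in fact filtered. Each function mixes a negative error code with the new positive success value, so a one-line comment on each, `/* returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when the argument check above fails */`, would pin the contract the examples must follow (the argument check itself is outside the hunk). The surrounding functions start outside the hunks.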
196
wolfssl/test.h
196
wolfssl/test.h
@@ -1053,7 +1053,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
|
||||
struct zsock_addrinfo hints, *addrInfo;
|
||||
char portStr[6];
|
||||
XSNPRINTF(portStr, sizeof(portStr), "%d", port);
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
XMEMSET(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_UNSPEC;
|
||||
hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
|
||||
hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
|
||||
@@ -1178,6 +1178,12 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
|
||||
|
||||
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && defined(WOLFSENTRY_H)
|
||||
|
||||
#include <wolfsentry/wolfsentry_util.h>
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
|
||||
#include <wolfsentry/wolfsentry_json.h>
|
||||
#endif
|
||||
|
||||
struct wolfsentry_data {
|
||||
struct wolfsentry_sockaddr remote;
|
||||
byte remote_addrbuf[16];
|
||||
@@ -1192,6 +1198,8 @@ static void free_wolfsentry_data(struct wolfsentry_data *data) {
|
||||
XFREE(data, data->heap, data->alloctype);
|
||||
}
|
||||
|
||||
static struct wolfsentry_context *wolfsentry = NULL;
|
||||
|
||||
static int wolfsentry_data_index = -1;
|
||||
|
||||
static WC_INLINE int wolfsentry_store_endpoints(
|
||||
@@ -1329,6 +1337,186 @@ static int wolfSentry_NetworkFilterCallback(
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
static int wolfsentry_setup(
|
||||
struct wolfsentry_context **_wolfsentry,
|
||||
const char *_wolfsentry_config_path,
|
||||
wolfsentry_route_flags_t route_flags)
|
||||
{
|
||||
wolfsentry_errcode_t ret;
|
||||
ret = wolfsentry_init(NULL /* hpi */, NULL /* default config */,
|
||||
_wolfsentry);
|
||||
if (ret < 0) {
|
||||
fprintf(stderr, "wolfsentry_init() returned " WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
err_sys("unable to initialize wolfSentry");
|
||||
}
|
||||
|
||||
if (wolfsentry_data_index < 0)
|
||||
wolfsentry_data_index = wolfSSL_get_ex_new_index(0, NULL, NULL, NULL,
|
||||
NULL);
|
||||
|
||||
#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON)
|
||||
if (_wolfsentry_config_path != NULL) {
|
||||
char buf[512], err_buf[512];
|
||||
struct wolfsentry_json_process_state *jps;
|
||||
|
||||
FILE *f = fopen(_wolfsentry_config_path, "r");
|
||||
|
||||
if (f == NULL) {
|
||||
fprintf(stderr, "fopen(%s): %s\n",_wolfsentry_config_path,strerror(errno));
|
||||
err_sys("unable to open wolfSentry config file");
|
||||
}
|
||||
|
||||
if ((ret = wolfsentry_config_json_init(
|
||||
*_wolfsentry,
|
||||
WOLFSENTRY_CONFIG_LOAD_FLAG_NONE,
|
||||
&jps)) < 0) {
|
||||
fprintf(stderr, "wolfsentry_config_json_init() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
err_sys("error while initlalizing wolfSentry config parser");
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
size_t n = fread(buf, 1, sizeof buf, f);
|
||||
if ((n < sizeof buf) && ferror(f)) {
|
||||
fprintf(stderr,"fread(%s): %s\n",_wolfsentry_config_path, strerror(errno));
|
||||
err_sys("error while reading wolfSentry config file");
|
||||
}
|
||||
|
||||
ret = wolfsentry_config_json_feed(jps, buf, n, err_buf, sizeof err_buf);
|
||||
if (ret < 0) {
|
||||
fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
|
||||
err_sys("error while loading wolfSentry config file");
|
||||
}
|
||||
if ((n < sizeof buf) && feof(f))
|
||||
break;
|
||||
}
|
||||
fclose(f);
|
||||
|
||||
if ((ret = wolfsentry_config_json_fini(jps, err_buf, sizeof err_buf)) < 0) {
|
||||
fprintf(stderr, "%.*s\n", (int)sizeof err_buf, err_buf);
|
||||
err_sys("error while loading wolfSentry config file");
|
||||
}
|
||||
|
||||
} else
|
||||
#endif /* !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) */
|
||||
{
|
||||
struct wolfsentry_route_table *table;
|
||||
|
||||
if ((ret = wolfsentry_route_get_table_static(*_wolfsentry,
|
||||
&table)) < 0)
|
||||
fprintf(stderr, "wolfsentry_route_get_table_static() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
if (WOLFSENTRY_CHECK_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT)) {
|
||||
struct {
|
||||
struct wolfsentry_sockaddr sa;
|
||||
byte buf[16];
|
||||
} remote, local;
|
||||
wolfsentry_ent_id_t id;
|
||||
wolfsentry_action_res_t action_results;
|
||||
|
||||
if ((ret = wolfsentry_route_table_default_policy_set(
|
||||
*_wolfsentry, table,
|
||||
WOLFSENTRY_ACTION_RES_ACCEPT))
|
||||
< 0) {
|
||||
fprintf(stderr,
|
||||
"wolfsentry_route_table_default_policy_set() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
XMEMSET(&remote, 0, sizeof remote);
|
||||
XMEMSET(&local, 0, sizeof local);
|
||||
#ifdef TEST_IPV6
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET6;
|
||||
remote.sa.addr_len = 128;
|
||||
XMEMCPY(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
|
||||
#else
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET;
|
||||
remote.sa.addr_len = 32;
|
||||
XMEMCPY(remote.sa.addr, "\177\000\000\001", 4);
|
||||
#endif
|
||||
|
||||
if ((ret = wolfsentry_route_insert_static
|
||||
(*_wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa,
|
||||
route_flags |
|
||||
WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
|
||||
WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_REMOTE_INTERFACE_WILDCARD|
|
||||
WOLFSENTRY_ROUTE_FLAG_LOCAL_INTERFACE_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
|
||||
0 /* event_label_len */, 0 /* event_label */, &id,
|
||||
&action_results)) < 0) {
|
||||
fprintf(stderr, "wolfsentry_route_insert_static() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
return ret;
|
||||
}
|
||||
} else if (WOLFSENTRY_CHECK_BITS(route_flags, WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN)) {
|
||||
struct {
|
||||
struct wolfsentry_sockaddr sa;
|
||||
byte buf[16];
|
||||
} remote, local;
|
||||
wolfsentry_ent_id_t id;
|
||||
wolfsentry_action_res_t action_results;
|
||||
|
||||
if ((ret = wolfsentry_route_table_default_policy_set(
|
||||
*_wolfsentry, table,
|
||||
WOLFSENTRY_ACTION_RES_REJECT|WOLFSENTRY_ACTION_RES_STOP))
|
||||
< 0) {
|
||||
fprintf(stderr,
|
||||
"wolfsentry_route_table_default_policy_set() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
XMEMSET(&remote, 0, sizeof remote);
|
||||
XMEMSET(&local, 0, sizeof local);
|
||||
#ifdef TEST_IPV6
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET6;
|
||||
remote.sa.addr_len = 128;
|
||||
XMEMCPY(remote.sa.addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16);
|
||||
#else
|
||||
remote.sa.sa_family = local.sa.sa_family = AF_INET;
|
||||
remote.sa.addr_len = 32;
|
||||
XMEMCPY(remote.sa.addr, "\177\000\000\001", 4);
|
||||
#endif
|
||||
|
||||
if ((ret = wolfsentry_route_insert_static
|
||||
(*_wolfsentry, NULL /* caller_context */, &remote.sa, &local.sa,
|
||||
route_flags |
|
||||
WOLFSENTRY_ROUTE_FLAG_GREENLISTED |
|
||||
WOLFSENTRY_ROUTE_FLAG_PARENT_EVENT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_REMOTE_INTERFACE_WILDCARD|
|
||||
WOLFSENTRY_ROUTE_FLAG_LOCAL_INTERFACE_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_ADDR_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_PROTO_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_REMOTE_PORT_WILDCARD |
|
||||
WOLFSENTRY_ROUTE_FLAG_SA_LOCAL_PORT_WILDCARD,
|
||||
0 /* event_label_len */, 0 /* event_label */, &id,
|
||||
&action_results)) < 0) {
|
||||
fprintf(stderr, "wolfsentry_route_insert_static() returned "
|
||||
WOLFSENTRY_ERROR_FMT "\n",
|
||||
WOLFSENTRY_ERROR_FMT_ARGS(ret));
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static WC_INLINE int tcp_connect_with_wolfSentry(
|
||||
SOCKET_T* sockfd,
|
||||
const char* ip,
|
||||
@@ -1423,7 +1611,9 @@ static WC_INLINE int tcp_connect_with_wolfSentry(
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
#define tcp_connect(sockfd, ip, port, udp, sctp, ssl) tcp_connect_with_wolfSentry(sockfd, ip, port, udp, sctp, ssl, wolfsentry)
|
||||
|
||||
#else /* !WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
||||
static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
|
||||
int udp, int sctp, WOLFSSL* ssl)
|
||||
@@ -1441,6 +1631,8 @@ static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_WOLFSENTRY_HOOKS */
|
||||
|
||||
|
||||
static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
|
||||
{
|
||||
|