WOLFSSL_NETWORK_INTROSPECTION WIP
@@ -276,6 +276,36 @@ static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
|
|||||||
|
|
||||||
#endif /* WOLFSSL_DTLS */
|
#endif /* WOLFSSL_DTLS */
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||||
|
|
||||||
|
static int test_NetworkFilterCallback(WOLFSSL *ssl, struct wolfSSL_network_connection *nc, void *ctx, wolfSSL_netfilter_decision_t *decision) {
|
||||||
|
const void *remote_addr2;
|
||||||
|
const void *local_addr2;
|
||||||
|
char inet_ntop_buf[INET6_ADDRSTRLEN], inet_ntop_buf2[INET6_ADDRSTRLEN];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
(void)ssl;
|
||||||
|
(void)ctx;
|
||||||
|
|
||||||
|
if ((ret = wolfSSL_get_endpoint_addrs(nc, &remote_addr2, &local_addr2)) != WOLFSSL_SUCCESS) {
|
||||||
|
printf("wolfSSL_get_endpoints(): %s\n", wolfSSL_ERR_error_string(ret, NULL));
|
||||||
|
err_sys_ex(catastrophic, "error in wolfSSL_get_endpoints()");
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("got network filter callback: family=%d proto=%d rport=%d lport=%d raddr=%s laddr=%s interface=%d\n",
|
||||||
|
nc->family,
|
||||||
|
nc->proto,
|
||||||
|
nc->remote_port,
|
||||||
|
nc->local_port,
|
||||||
|
inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf),
|
||||||
|
inet_ntop(nc->family, local_addr2, inet_ntop_buf2, sizeof inet_ntop_buf2),
|
||||||
|
nc->interface);
|
||||||
|
|
||||||
|
*decision = WOLFSSL_NETFILTER_ACCEPT;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
|
||||||
|
|
||||||
static int NonBlockingSSL_Accept(SSL* ssl)
|
static int NonBlockingSSL_Accept(SSL* ssl)
|
||||||
{
|
{
|
||||||
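Review bot: `inet_ntop()` returns NULL on failure (for example when `nc->family` is not a value it understands), and the new `printf` at the `got network filter callback` line passes that result straight to `%s`, which is undefined behaviour rather than a readable log line. Capture each result first, `const char *raddr = inet_ntop(nc->family, remote_addr2, inet_ntop_buf, sizeof inet_ntop_buf);`, and print `raddr ? raddr : "(unprintable)"` (same for the local address). This also assumes `nc->family` uses the platform `AF_*` numbering that `inet_ntop()` expects, which is worth confirming against how `wolfSSL_set_endpoints()` fills the field. Separately, the failure message says `wolfSSL_get_endpoints()` while the call that failed is `wolfSSL_get_endpoint_addrs()`; both strings should name the function actually called.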
@@ -1840,6 +1870,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
err_sys_ex(catastrophic, "unable to get ctx");
|
err_sys_ex(catastrophic, "unable to get ctx");
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||||
|
if (wolfSSL_CTX_set_AcceptFilter(ctx, test_NetworkFilterCallback, NULL /* AcceptFilter_arg */) < 0)
|
||||||
|
err_sys_ex(catastrophic, "unable to install test_NetworkFilterCallback");
|
||||||
|
#endif
|
||||||
|
|
||||||
if (simulateWantWrite)
|
if (simulateWantWrite)
|
||||||
{
|
{
|
||||||
wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
|
wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
|
||||||
|
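Review bot: The new `wolfSSL_CTX_set_AcceptFilter()` check treats only negative returns as failure; if the function follows the usual wolfSSL convention of returning `WOLFSSL_SUCCESS`/`WOLFSSL_FAILURE` (its body is not in this hunk, so this is inferred), a `WOLFSSL_FAILURE` of 0 would slip through and the test server would run without the filter it believes it installed. Compare against the success value instead: `if (wolfSSL_CTX_set_AcceptFilter(ctx, test_NetworkFilterCallback, NULL /* AcceptFilter_arg */) != WOLFSSL_SUCCESS)`. `server_test()` starts and ends outside this hunk.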
@@ -6467,9 +6467,9 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
|||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||||
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection))
|
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection))
|
||||||
XFREE(ssl->buffers.network_connection_addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
XFREE(ssl->buffers.network_connection.addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
||||||
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection_layer2))
|
if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(ssl->buffers.network_connection_layer2))
|
||||||
XFREE(ssl->buffers.network_connection_layer2_addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
XFREE(ssl->buffers.network_connection_layer2.addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
|
||||||
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
|
#endif /* WOLFSSL_NETWORK_INTROSPECTION */
|
||||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||||
XFREE(ssl->peerTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
|
XFREE(ssl->peerTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
|
||||||
|
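Review bot: Each `XFREE` of `addr_buffer_dynamic` leaves `remote_addr_len`/`local_addr_len` untouched, so `WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC()` keeps reporting the union as dynamic while the union now holds a freed pointer. `SSL_ResourceFree()` is presumably terminal for the object, but any later reader of `ssl->buffers.network_connection` (or a second pass through this path) would dereference or double-free it. Zero the discriminator after each free, e.g. `ssl->buffers.network_connection.remote_addr_len = ssl->buffers.network_connection.local_addr_len = 0;`, and the same for `network_connection_layer2`. `SSL_ResourceFree()` starts and ends outside this hunk.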
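--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1019,7 +1019,6 @@ int wolfSSL_mutual_auth(WOLFSSL* ssl, int req)
 static WC_INLINE int wolfSSL_set_endpoints_1(
 WOLFSSL* ssl,
 struct wolfSSL_network_connection *nc,
-byte **nc_addr_buffer_dynamic,
 unsigned int interface_id,
 unsigned int family,
 unsigned int proto,
@@ -1049,13 +1048,13 @@ static WC_INLINE int wolfSSL_set_endpoints_1(
 
 if (current_dynamic_alloc != needed_dynamic_alloc) {
 if (current_dynamic_alloc > 0)
-XFREE(*nc_addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
+XFREE(nc->addr_buffer_dynamic, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
 if (needed_dynamic_alloc > 0) {
-*nc_addr_buffer_dynamic = (byte *)XMALLOC
+nc->addr_buffer_dynamic = (byte *)XMALLOC
 (needed_dynamic_alloc,
 ssl->heap,
 DYNAMIC_TYPE_SOCKADDR);
-if (*nc_addr_buffer_dynamic == NULL)
+if (nc->addr_buffer_dynamic == NULL)
 return MEMORY_E;
 }
 }
@@ -1072,8 +1071,8 @@ static WC_INLINE int wolfSSL_set_endpoints_1(
 XMEMCPY(nc->addr_buffer, remote_addr, remote_addr_len);
 XMEMCPY(nc->addr_buffer + remote_addr_len, local_addr, local_addr_len);
 } else {
-XMEMCPY(*nc_addr_buffer_dynamic, remote_addr, remote_addr_len);
-XMEMCPY((*nc_addr_buffer_dynamic) + remote_addr_len, local_addr, local_addr_len);
+XMEMCPY(nc->addr_buffer_dynamic, remote_addr, remote_addr_len);
+XMEMCPY((nc->addr_buffer_dynamic) + remote_addr_len, local_addr, local_addr_len);
 }
 nc->remote_addr_len = remote_addr_len;
 nc->local_addr_len = local_addr_len;
@@ -1095,7 +1094,6 @@ int wolfSSL_set_endpoints(
 return wolfSSL_set_endpoints_1(
 ssl,
 &ssl->buffers.network_connection,
-&ssl->buffers.network_connection_addr_buffer_dynamic,
 interface_id,
 family,
 proto,
@@ -1118,7 +1116,6 @@ int wolfSSL_set_endpoints_layer2(
 return wolfSSL_set_endpoints_1(
 ssl,
 &ssl->buffers.network_connection_layer2,
-&ssl->buffers.network_connection_layer2_addr_buffer_dynamic,
 interface_id,
 family,
 0 /* proto */,
@@ -1130,9 +1127,8 @@ int wolfSSL_set_endpoints_layer2(
 0 /* local_port */);
 }
 
-static WC_INLINE int wolfSSL_get_endpoints_1(
+WOLFSSL_API int wolfSSL_get_endpoint_addrs(
 const struct wolfSSL_network_connection *nc,
-byte *nc_addr_buffer_dynamic,
 const void **remote_addr,
 const void **local_addr)
 {
@@ -1142,8 +1138,8 @@ static WC_INLINE int wolfSSL_get_endpoints_1(
 return INCOMPLETE_DATA;
 
 if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc)) {
-*remote_addr = nc_addr_buffer_dynamic;
-*local_addr = nc_addr_buffer_dynamic + nc->remote_addr_len;
+*remote_addr = nc->addr_buffer_dynamic;
+*local_addr = nc->addr_buffer_dynamic + nc->remote_addr_len;
 } else {
 *remote_addr = nc->addr_buffer;
 *local_addr = nc->addr_buffer + nc->remote_addr_len;
@@ -1159,7 +1155,7 @@ WOLFSSL_API int wolfSSL_get_endpoints(
 const void **local_addr)
 {
 *nc = &ssl->buffers.network_connection;
-return wolfSSL_get_endpoints_1(*nc, ssl->buffers.network_connection_addr_buffer_dynamic, remote_addr, local_addr);
+return wolfSSL_get_endpoint_addrs(*nc, remote_addr, local_addr);
 }
 
 WOLFSSL_API int wolfSSL_get_endpoints_layer2(
@@ -1169,12 +1165,11 @@ WOLFSSL_API int wolfSSL_get_endpoints_layer2(
 const void **local_addr)
 {
 *nc = &ssl->buffers.network_connection_layer2;
-return wolfSSL_get_endpoints_1(*nc, ssl->buffers.network_connection_layer2_addr_buffer_dynamic, remote_addr, local_addr);
+return wolfSSL_get_endpoint_addrs(*nc, remote_addr, local_addr);
 }
 
 static WC_INLINE int wolfSSL_copy_endpoints_1(
 struct wolfSSL_network_connection *nc_src,
-byte *nc_addr_buffer_dynamic,
 struct wolfSSL_network_connection *nc_dst,
 size_t nc_dst_size,
 const void **remote_addr,
@@ -1192,7 +1187,7 @@ static WC_INLINE int wolfSSL_copy_endpoints_1(
 return BUFFER_E;
 XMEMCPY(nc_dst, nc_src, ((unsigned int)(unsigned long int)(&((struct wolfSSL_network_connection *)0)->addr_buffer[0])));
 if (WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc_src))
-XMEMCPY(nc_dst->addr_buffer, nc_addr_buffer_dynamic, nc_src->remote_addr_len + nc_src->local_addr_len);
+XMEMCPY(nc_dst->addr_buffer, nc_src->addr_buffer_dynamic, nc_src->remote_addr_len + nc_src->local_addr_len);
 else
 XMEMCPY(nc_dst->addr_buffer, nc_src->addr_buffer, nc_src->remote_addr_len + nc_src->local_addr_len);
 *remote_addr = nc_dst->addr_buffer;
@@ -1211,7 +1206,7 @@ WOLFSSL_API int wolfSSL_copy_endpoints(
 if (ssl == NULL)
 return BAD_FUNC_ARG;
 
-return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection, ssl->buffers.network_connection_addr_buffer_dynamic, nc, nc_size, remote_addr, local_addr);
+return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection, nc, nc_size, remote_addr, local_addr);
 }
 
 WOLFSSL_API int wolfSSL_copy_endpoints_layer2(
@@ -1224,7 +1219,7 @@ WOLFSSL_API int wolfSSL_copy_endpoints_layer2(
 if (ssl == NULL)
 return BAD_FUNC_ARG;
 
-return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection_layer2, ssl->buffers.network_connection_layer2_addr_buffer_dynamic, nc, nc_size, remote_addr, local_addr);
+return wolfSSL_copy_endpoints_1(&ssl->buffers.network_connection_layer2, nc, nc_size, remote_addr, local_addr);
 }
 
 WOLFSSL_API int wolfSSL_CTX_set_AcceptFilter(WOLFSSL_CTX *ctx, NetworkFilterCallback_t AcceptFilter, void *AcceptFilter_arg) {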
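Review bot: In `wolfSSL_set_endpoints_1()`, when the old dynamic buffer has just been freed and the replacement `XMALLOC` fails, the function returns `MEMORY_E` with `nc->addr_buffer_dynamic == NULL` while `nc->remote_addr_len`/`nc->local_addr_len` still describe the old, dynamic-sized addresses, because those fields are only updated after the copies. `WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(*nc)` therefore stays true and `wolfSSL_get_endpoint_addrs()` / `wolfSSL_copy_endpoints_1()` will hand out or read from `NULL + remote_addr_len`. Reset the discriminator on the failure path: `nc->remote_addr_len = nc->local_addr_len = 0;` before `return MEMORY_E;`. A smaller point in `wolfSSL_copy_endpoints_1()`: the `&((struct wolfSSL_network_connection *)0)->addr_buffer[0]` expression is a null-pointer dereference in strict C, and `offsetof(struct wolfSSL_network_connection, addr_buffer)` from `<stddef.h>` gives the same size without it. Both functions start and end outside their hunks.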
@@ -3450,20 +3450,8 @@ typedef struct Buffers {
|
|||||||
buffer tls13CookieSecret; /* HRR cookie secret */
|
buffer tls13CookieSecret; /* HRR cookie secret */
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
#ifdef WOLFSSL_NETWORK_INTROSPECTION
|
||||||
struct {
|
struct wolfSSL_network_connection network_connection;
|
||||||
struct wolfSSL_network_connection network_connection;
|
struct wolfSSL_network_connection network_connection_layer2;
|
||||||
union {
|
|
||||||
byte network_connection_addr_buffer_static[WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES];
|
|
||||||
byte *network_connection_addr_buffer_dynamic;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
struct {
|
|
||||||
struct wolfSSL_network_connection network_connection_layer2;
|
|
||||||
union {
|
|
||||||
byte network_connection_layer2_addr_buffer_static[WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES];
|
|
||||||
byte *network_connection_layer2_addr_buffer_dynamic;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
#define WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(x) ((x).remote_addr_len + (x).local_addr_len > WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES)
|
#define WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC(x) ((x).remote_addr_len + (x).local_addr_len > WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES)
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_DTLS
|
#ifdef WOLFSSL_DTLS
|
||||||
|
@@ -1155,7 +1155,10 @@ struct wolfSSL_network_connection {
|
|||||||
word16 remote_addr_len;
|
word16 remote_addr_len;
|
||||||
word16 local_addr_len;
|
word16 local_addr_len;
|
||||||
byte interface;
|
byte interface;
|
||||||
byte addr_buffer[0];
|
union {
|
||||||
|
byte addr_buffer[WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES];
|
||||||
|
byte *addr_buffer_dynamic;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
#define WOLFSSL_NETWORK_CONNECTION_BUFSIZ(remote_addr_len, local_addr_len) \
|
#define WOLFSSL_NETWORK_CONNECTION_BUFSIZ(remote_addr_len, local_addr_len) \
|
||||||
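Review bot: The new union in `struct wolfSSL_network_connection` carries no comment saying which member is live, and the discriminator `WOLFSSL_NETWORK_INTROSPECTION_ADDR_BUFFER_IS_DYNAMIC()` is defined next to the private `Buffers` struct in the other hunk rather than in this public header, so code that receives a `struct wolfSSL_network_connection *` (e.g. an accept-filter callback) cannot tell from the header whether `addr_buffer` or `addr_buffer_dynamic` holds the addresses. Add a comment on the union such as `/* addr_buffer holds the remote address followed by the local address when remote_addr_len + local_addr_len <= WOLFSSL_NETWORK_INTROSPECTION_STATIC_ADDR_BYTES; otherwise addr_buffer_dynamic points to a heap buffer of that combined size. Use wolfSSL_get_endpoint_addrs() rather than reading either member directly. */`. `WOLFSSL_NETWORK_CONNECTION_BUFSIZ` just below presumably also needs to agree with the now fixed-size `addr_buffer` member; its body is outside the hunk.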
@@ -1173,6 +1176,11 @@ WOLFSSL_API int wolfSSL_set_endpoints(
|
|||||||
unsigned int remote_port,
|
unsigned int remote_port,
|
||||||
unsigned int local_port);
|
unsigned int local_port);
|
||||||
|
|
||||||
|
WOLFSSL_API int wolfSSL_get_endpoint_addrs(
|
||||||
|
const struct wolfSSL_network_connection *nc,
|
||||||
|
const void **remote_addr,
|
||||||
|
const void **local_addr);
|
||||||
|
|
||||||
WOLFSSL_API int wolfSSL_get_endpoints(
|
WOLFSSL_API int wolfSSL_get_endpoints(
|
||||||
WOLFSSL *ssl,
|
WOLFSSL *ssl,
|
||||||
const struct wolfSSL_network_connection **nc,
|
const struct wolfSSL_network_connection **nc,
|
||||||
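Review bot: `wolfSSL_get_endpoint_addrs()` is now a public `WOLFSSL_API` entry point but is declared without any statement of its contract. From the implementation in src/ssl.c the two out-pointers alias `nc`'s own storage (its inline `addr_buffer` or its heap `addr_buffer_dynamic`), so they are only valid until the endpoints are next set or the owning `WOLFSSL` is freed, and at least one early-out path returns `INCOMPLETE_DATA`. A short comment above the declaration should state that on success (the test server compares the result against `WOLFSSL_SUCCESS`) `*remote_addr`/`*local_addr` point into `nc` and must not be freed or retained past the connection's lifetime, that `INCOMPLETE_DATA` means no endpoints have been recorded, and whether a NULL `nc` is rejected, which is not visible in the hunks shown.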
|