Mercurial > hg > freeDiameter
comparison libfdcore/p_ce.c @ 1238:8f9684264fe0
Change management of the p_reqin_count counter to be updated only on routable messages. This should limit the errors in the counter value resulting from rejected or discarded link-local messages.
author | Sebastien Decugis <sdecugis@freediameter.net> |
---|---|
date | Thu, 10 Oct 2013 16:08:46 +0200 |
parents | e72c9dad62ac |
children | 4ad4d614acfa |
comparison
equal
deleted
inserted
replaced
1236:a0d9fb49694e | 1238:8f9684264fe0 |
---|---|
632 static void receiver_reject(struct cnxctx ** recv_cnx, struct msg ** cer, struct fd_pei * error) | 632 static void receiver_reject(struct cnxctx ** recv_cnx, struct msg ** cer, struct fd_pei * error) |
633 { | 633 { |
634 /* Create and send the CEA with appropriate error code */ | 634 /* Create and send the CEA with appropriate error code */ |
635 CHECK_FCT_DO( fd_msg_new_answer_from_req ( fd_g_config->cnf_dict, cer, MSGFL_ANSW_ERROR ), goto destroy ); | 635 CHECK_FCT_DO( fd_msg_new_answer_from_req ( fd_g_config->cnf_dict, cer, MSGFL_ANSW_ERROR ), goto destroy ); |
636 CHECK_FCT_DO( fd_msg_rescode_set(*cer, error->pei_errcode, error->pei_message, error->pei_avp, 1 ), goto destroy ); | 636 CHECK_FCT_DO( fd_msg_rescode_set(*cer, error->pei_errcode, error->pei_message, error->pei_avp, 1 ), goto destroy ); |
637 CHECK_FCT_DO( fd_out_send(cer, *recv_cnx, NULL), goto destroy ); | 637 CHECK_FCT_DO( fd_out_send(cer, *recv_cnx, NULL, 0), goto destroy ); |
638 | 638 |
639 if (error->pei_avp_free) { | 639 if (error->pei_avp_free) { |
640 fd_msg_free(error->pei_avp); | 640 fd_msg_free(error->pei_avp); |
641 } | 641 } |
642 | 642 |
656 { | 656 { |
657 struct msg * cer = NULL; | 657 struct msg * cer = NULL; |
658 | 658 |
659 /* Send CER on the new connection */ | 659 /* Send CER on the new connection */ |
660 CHECK_FCT( create_CER(peer, initiator, &cer) ); | 660 CHECK_FCT( create_CER(peer, initiator, &cer) ); |
661 CHECK_FCT( fd_out_send(&cer, initiator, peer) ); | 661 CHECK_FCT( fd_out_send(&cer, initiator, peer, 0) ); |
662 | 662 |
663 /* Are we doing an election ? */ | 663 /* Are we doing an election ? */ |
664 if (fd_peer_getstate(peer) == STATE_WAITCNXACK_ELEC) { | 664 if (fd_peer_getstate(peer) == STATE_WAITCNXACK_ELEC) { |
665 if (election_result(peer)) { | 665 if (election_result(peer)) { |
666 /* Close initiator connection */ | 666 /* Close initiator connection */ |
711 | 711 |
712 /* Set the error code */ | 712 /* Set the error code */ |
713 CHECK_FCT( fd_msg_rescode_set(*msg, "DIAMETER_UNABLE_TO_COMPLY", "No CER allowed in current state", NULL, 1 ) ); | 713 CHECK_FCT( fd_msg_rescode_set(*msg, "DIAMETER_UNABLE_TO_COMPLY", "No CER allowed in current state", NULL, 1 ) ); |
714 | 714 |
715 /* msg now contains an answer message to send back */ | 715 /* msg now contains an answer message to send back */ |
716 CHECK_FCT_DO( fd_out_send(msg, NULL, peer), /* In case of error the message has already been dumped */ ); | 716 CHECK_FCT_DO( fd_out_send(msg, NULL, peer, 0), /* In case of error the message has already been dumped */ ); |
717 } | 717 } |
718 | 718 |
719 /* If the state is not WAITCEA, just discard the message */ | 719 /* If the state is not WAITCEA, just discard the message */ |
720 if (req || ((st = fd_peer_getstate(peer)) != STATE_WAITCEA)) { | 720 if (req || ((st = fd_peer_getstate(peer)) != STATE_WAITCEA)) { |
721 if (*msg) { | 721 if (*msg) { |
940 /* Do not send the ISI IPsec if we are using the new mechanism */ | 940 /* Do not send the ISI IPsec if we are using the new mechanism */ |
941 if ((isi == PI_SEC_NONE) && (! (peer->p_hdr.info.config.pic_flags.sec & PI_SEC_TLS_OLD))) | 941 if ((isi == PI_SEC_NONE) && (! (peer->p_hdr.info.config.pic_flags.sec & PI_SEC_TLS_OLD))) |
942 isi = 0; | 942 isi = 0; |
943 } | 943 } |
944 | 944 |
945 /* Update the counter to match with the answer being sent */ | |
946 CHECK_POSIX( pthread_mutex_lock(&peer->p_state_mtx) ); | |
947 peer->p_reqin_count++; | |
948 CHECK_POSIX( pthread_mutex_unlock(&peer->p_state_mtx) ); | |
949 | |
950 /* Reply a CEA */ | 945 /* Reply a CEA */ |
951 CHECK_FCT( fd_msg_new_answer_from_req ( fd_g_config->cnf_dict, &msg, 0 ) ); | 946 CHECK_FCT( fd_msg_new_answer_from_req ( fd_g_config->cnf_dict, &msg, 0 ) ); |
952 CHECK_FCT( fd_msg_rescode_set(msg, "DIAMETER_SUCCESS", NULL, NULL, 0 ) ); | 947 CHECK_FCT( fd_msg_rescode_set(msg, "DIAMETER_SUCCESS", NULL, NULL, 0 ) ); |
953 CHECK_FCT( add_CE_info(msg, peer->p_cnxctx, isi & PI_SEC_TLS_OLD, isi & PI_SEC_NONE) ); | 948 CHECK_FCT( add_CE_info(msg, peer->p_cnxctx, isi & PI_SEC_TLS_OLD, isi & PI_SEC_NONE) ); |
954 | 949 |
955 /* The connection is complete, but we may still need TLS handshake */ | 950 /* The connection is complete, but we may still need TLS handshake */ |
956 fd_hook_call(HOOK_PEER_CONNECT_SUCCESS, msg, peer, NULL, NULL); | 951 fd_hook_call(HOOK_PEER_CONNECT_SUCCESS, msg, peer, NULL, NULL); |
957 | 952 |
958 CHECK_FCT( fd_out_send(&msg, peer->p_cnxctx, peer ) ); | 953 CHECK_FCT( fd_out_send(&msg, peer->p_cnxctx, peer, 0 ) ); |
959 | 954 |
960 /* Handshake if needed */ | 955 /* Handshake if needed */ |
961 if (isi & PI_SEC_TLS_OLD) { | 956 if (isi & PI_SEC_TLS_OLD) { |
962 fd_psm_change_state(peer, STATE_OPEN_HANDSHAKE); | 957 fd_psm_change_state(peer, STATE_OPEN_HANDSHAKE); |
963 CHECK_FCT_DO( fd_cnx_handshake(peer->p_cnxctx, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, peer->p_hdr.info.config.pic_priority, NULL), | 958 CHECK_FCT_DO( fd_cnx_handshake(peer->p_cnxctx, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, peer->p_hdr.info.config.pic_priority, NULL), |